Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1381
Views
0
Helpful
3
Replies

Should I buy ASA or use firewall Cisco CBAC?

Go to solution
news2010a
Level 3
Level 3

‎09-09-2008 12:05 PM - edited ‎03-11-2019 06:41 AM

What is the real disadvantage of using Cisco IOS as the firewall when compared to spend money buying Cisco ASA?

In my case, I have outsourcing partners (semi-trusted network) and I need to make a decision on whether I should spend money buying a full Cisco ASA or firewall or whether using the Cisco IOS features is enough to keep my protection?

please opine.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
suschoud
Cisco Employee
Cisco Employee

‎09-10-2008 05:41 AM

The biggest disadvantage of using IOS f/w is the high load on cpu and memory usage of router.As router needs to keep a lot of tables in mem. for routing info,adding the translation tables to it can result in an unresponsive router.Ofcourse that depends on the traffic passing through this router.But with asa,you do not need to worry about that.Even the baby asa5505 can take care of large throughput.

Regards,

Sushil

View solution in original post

0 Helpful
3 Replies 3

Go to solution
francisco_1
Level 7
Level 7

‎09-09-2008 10:58 PM

I would go for ASA instead. Better VPN/Firewall through-put. Its designed to protect networks whereas the router is primarily designed to route data If you want a filtering solution, use Cisco IOS. if you want a real firewall that does deep packet inspection, etc...use the Cisco ASA.

ASA's are Firewall/VPN Concentration/Router in a single box.

0 Helpful

Go to solution
suschoud
Cisco Employee
Cisco Employee

‎09-10-2008 05:41 AM

The biggest disadvantage of using IOS f/w is the high load on cpu and memory usage of router.As router needs to keep a lot of tables in mem. for routing info,adding the translation tables to it can result in an unresponsive router.Ofcourse that depends on the traffic passing through this router.But with asa,you do not need to worry about that.Even the baby asa5505 can take care of large throughput.

Regards,

Sushil

0 Helpful

Go to solution
cisco24x7
Level 6
Level 6
In response to suschoud

‎09-10-2008 06:23 AM

Why not use Vyatta? It is open source and fully

supported. I use it as a firewall on an IBM

x3650 with dual quad-core processors with

4GB RAM. It pushes an insane amount of traffics. The configuration is very easy to

manage, very much like Juniper JunOS.

my 2c

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card