09-30-2002 11:01 AM - edited 03-02-2019 01:44 AM
Can anyone give me the advantages of using a 2621 Router vs. a PIX for routing with the argument of speed?
Granted I would think the 2621 would be quicker because of less packet analysis...but I'd like to hear opinions and facts...
thanks-->
jason
10-04-2002 10:31 AM
The major advantage of using a 2621 for routing instead of a PIX is the fact that it is a "router". The PIX does not use routing protocols and realistically does not route. The PIX is designed for security, not routing.
10-04-2002 11:33 AM
But the PIX is a layer 3 device, correct?
But now that I think about it...the PIX really just acts as a huge 'door' for lack of better terms....'are you allowed to go to my other interface?'---looks at conduits/acl's---then 'yes' or 'no'.
I think I had already known the answer to that one...I was just looking for a more detailed explanation.
thanks for your help...
-->jason
10-10-2002 08:20 PM
- 2600 is a router, PIX is not a router
- 2600 uses routing table for forwarding decision, PIX uses the translation table (NAT mapping basically) for forwarding decision
- PIX cannot be said to be a layer 3 device; in fact, the security algorithm it uses is Layer 7 aware (stateful firewall). For example, it understands a Telnet session
- PIX is a firewall, and 2600 can also be a firewall using built-in packet filtering, or it can be a stateful firewall similar to PIX with the Firewall feature set loaded
- In terms of firewall / VPN performance the PIX will be a much better choice since it is designed to perform such function.
10-07-2002 12:11 AM
As per my knowledge, a 2621 with a VPN accelerator will be the most suitable (cost-effective) solution for VPN with 3DES, but with no failover. The 2621 is a router which supports most of the routing protocols, and the PIX doesn't do this. PIX does not support all the routing protocols. The 2621 can't be a firewall, but can be a lower-end router. PIX has built-in security for each interface depending on the name of that interface.
10-11-2002 03:40 AM
All-->thanks for your comments and explanations.
I'm working on a project right now that will remove most of the load and 'routing' from our PIX. It has 6 interfaces and we are currently using ALL of them for 'routing'. Granted some could say that it should stay like that so that we have a layer of stateful packet inspection between all domains/environments...but I think that is unnecessary considering we have 2621's and a 6509 in-house w/ an MSFC....that was being utilized with zero benefit to our infrastructure.
I love these forums.
-->jason