Solved: Re: Which is better for Branch Office Cisco ASA or Cisco 1900 ro

wayneshum80 · ‎11-26-2010

Which is a better solution ?

Using ASA55XX or 1900 series router for WAN and Internet access for 25 - 100 users?

Richard Burts · ‎11-27-2010

Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:

- what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.

- is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.

- is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.

- will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.

- is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.

So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎11-27-2010

Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:

- what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.

- is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.

- is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.

- will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.

- is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.

So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.

HTH

Rick

HTH

Rick

paolo bevilacqua · ‎11-27-2010

In my opinion, the router a much better choice.

In few words, it does all what the ASA does, and a lot more. This include the so-called "secuirty features".

It is also easier to configure and troubleshoot.

You wilol find that in practice where you have a firewall, you will want a router too.

So why using two devices, when a single one ( a router) is enough.

wayneshum80 · ‎11-29-2010

Thanks all for the great feedback.

Another factor I am considering is the price. I find the ASA is lot more expensive than a router.

Which is better for Branch Office Cisco ASA or Cisco 1900 router for Branch Office?