cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
439
Views
0
Helpful
2
Replies

Border ASA 5585-x firewalls support of the full IRT

fsebera
Level 4
Level 4

Hi,

 

I have a need to add new Cisco ASA 5585-X SSP40 firewalls to the border of our enterprise networks.

Questions is, Will the Cisco ASA 5585-X SSP40 with perhaps 10k ACEs support the full IRT?

 

Thank you

Frank

2 Replies 2

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

What is IRT?

If you mean Internet routing table, I would not bring almost 600k routes to a firewall.  Firewalls are not design to handle this many routes, you want to bring the routes to a router. ASRs can usually handle that well.

HTH 

Hi Reza,

 

Yes full IRT = Full Internet Routing Table.

Our network is a little complex and spans two different geographical locations 450 miles apart. To enable redundancy between the two separate domains, we need to somehow join the two DMZ domain stateful standalone firewalls to provide failover for each other. Clustering is one option but little hesitate to pursue this option due to the connectivity issues with distance. Active/standby is another option but raises political issues.

Thanks

Frank

Review Cisco Networking for a $25 gift card