Announcement

Collapse
No announcement yet.

Cisco ASR 1002 - firewall and VPN

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASR 1002 - firewall and VPN

    Hi,

    we will replace our cisco 3550, our vpn concentrators 3000 and our cisco pixes.

    Well, looking at the cisco product side, there is the ASR 1002, which will do what the aboce devices do with much more performance and a lot of more.

    Well, talking about the IOS firewall, is it worth buying? How many has changed since pix? I havenīt used it in real time. What about that mention intrusion detecten? Is it worth or should we take something else?

    In particular, we tested some noname linux based firewall. There, the real time monitoring was fast and great. I could easily look by clicking at everything what was going on in the network, it had some great filtering options.

    Well, it is noname, and therefore a no go. But it was interesting to see, what is possible now. As I havenīt seen current IOS firewalls, Iīm asking myself how this one has evolved? Btw, it there a kind of clickable demo on the web for it?

  • #2
    Re: Cisco ASR 1002 - firewall and VPN

    Are you looking for a Firewall with VPN possibilities?
    Well I think I would go for either Cisco ASA, Check Point, Microsoft ISA (soon TMG), Juniper or someting like that
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Cisco ASR 1002 - firewall and VPN

      Well, I need an IPv6 capable firewall, VPN and to our provider a BGP loadbalancing mechanism with eBGP/iBGP (bgp dmzlink-bw)

      So, basically I need two router at the edge, a vpn concentrator and two firewalls.

      Iīve never seen an IOS firewall in real. I only have my Cisco PIX.

      So, you suggest not to take that integrated IOS firewall?

      Comment


      • #4
        Re: Cisco ASR 1002 - firewall and VPN

        Well if you know Pix then you also know ASA, but more advanced ...
        I'm not sure about the IOS firewall... I believe it's less advanced then the ASA.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Cisco ASR 1002 - firewall and VPN

          As Dumber said ASA maybe is more advanced in contrast with IOS firewall.
          The following links are to documents from Cisco website where there is a chart where you can view the possibilities of the IOS firewall and the ASA 5500 series.
          As this is more likely a network design question to me, ASA is good replacement for VPN appliance and will keep your design but will add to it even more options for future services.
          This is about IOS firewall:
          http://www.cisco.com/en/US/prod/coll...080117962.html

          This is ASA 5500 series (some with IPS) products comparison:
          http://www.cisco.com/en/US/products/...omparison.html

          Comment


          • #6
            Re: Cisco ASR 1002 - firewall and VPN

            Also the IOS firewall does only do packet filtering. There is no SPI implementation or what so ever.
            If you are familiar with PIX and you like it, then I think you should have a look at the ASA.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X