Anybody worked on Cisco ASA ?


  • Anybody worked on Cisco ASA ?

    Hello,
    Anybody worked on Cisco ASA? I think small companies use Cisco PIX, and big
    companies need ASA as it's a unified solution. But I am confused. What are the
    key benefits of ASA in a real-world scenario? I went through Cisco's documentation, but I want to hear from Cisco geeks who play with
    Cisco ASAs every day.

    Regards,
    Amey Abhyankar.
    All in 1
    Solaris,Linux & Windows admin + networking.

  • #2
    Re: Anybody worked on Cisco ASA ?

    Hello Sco,

    Well, if you've used any of the larger PIXes with FOS 7.x, you've pretty much got the hang of the ASA OS: they are (in the main) the same. ASA is what Cisco will be moving to when they can the PIX line in the not too distant future.

    From my perspective, the ASA devices are good because of:

    -there's some modularity built in that will allow for expansion. Already, there are plugins for things like antivirus- hardware modules that actually slot in.

    -they are built on more modern hardware so should scale better than the PIX can (ASA only)

    -they can use a more elaborate form of failover for redundancy (ASA only)

    -they introduce the concept of 'virtual firewalls'- you can run multiple instances of (more basic) firewalls on the same hardware, and have each instance doing different things (ASA and PIX)

    -the application inspection function is deeper (but still very limited, IMHO) (ASA and PIX)

    -they can talk to MS AD servers for AAA out of the box. No RADIUS needed (ASA and PIX)

    There are some other, more minor advantages, but it's definitely the way to go.
    btw- where I've said ASA and PIX- I mean that these features are from the FOS 7.x and aren't hardware-specific.

    HTH-

    theterranaut



    • #3
      Re: Anybody worked on Cisco ASA ?

      We just bought one for testing at my office so I hope that I can better participate in this conversation soon.

      I heard that they can do integrated anti-virus but not sure of that yet.

      -David
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com



      • #4
        Re: Anybody worked on Cisco ASA ?

        hi david,

        yes, I've looked at that, but the Cisco website is unusually unhelpful on the AV, I found: specifically things like updates, annual costs, etc.

        theterranaut



        • #5
          Re: Anybody worked on Cisco ASA ?

          Sorry for the belated update, but one other thing that's just occurred to me.

          The ASA/FOS7.x line has a newer web-based management utility called ASDM
          (acronym for Adaptive Security Device Manager, IIRC) which replaces the PIX's
          old PDM (PIX Device Manager).

          Now, I was never a fan of PDM, and stopped using it after it got me into trouble once. I just found it a flaky, command-ignoring mess, ok for a basic get you up and running config, but for anything a bit more advanced you really had to use the command line. My first experience with FOS 5.x was about 6 months ago, and with trepidation I fired up ASDM to see what it was like.

          What a revelation! I think Cisco have finally created a GUI for the PIX/ASA that does the hardware justice, and one you could probably use every day without fear of it letting you down at the wrong moment. You still need to know how the PIX works (you can still create a config that looks like it should do something but doesn't), but it's a major improvement.

          HTH
          theterranaut



          • #6
            Re: Anybody worked on Cisco ASA ?

            Thanks TT,
            I am now more and more excited to work with the ASA, although I doubt I will ever put it into production as I just love my Fortinet too much.
            I got the ASA really just for learning about it and staying current with Cisco products.

            Talk to you later,
            David


            • #7
              Re: Anybody worked on Cisco ASA ?

              Originally posted by daviddavis

              I heard that they can do integrated anti-virus but not sure of that yet.

              -David

              Yes! ASA comes with a built-in antivirus feature. And we need to purchase client-based sub-licenses. It comes in counts like 50, 100, 150 licenses per ASA
              device. ASA is cheaper in cost if we compare it feature-wise with PIX & router.

              I got a price list from 1 vendor. I did the calculation and found ASA is worth it. I think too that Cisco Systems will close PIX manufacturing. ASA is an all-in-1 solution. Pretty flexible, and I heard it has a GUI-based interface which saves time ultimately.

              Hey David, can you send some snaps of ASA's GUI? So we can get familiar with it.



              Regards,
              Amey.


              • #8
                Re: Anybody worked on Cisco ASA ?

                Originally posted by sco1984
                I think too that Cisco Systems will close PIX manufacturing. Asa is all in 1 solution.

                Yes, I heard from my area Cisco rep that they're discontinuing the PIX line. He also said that Cisco purposely priced the ASA "more attractively" than the PIX because they're wanting people to move in that direction. And I think, if I understood the rep, that you mean the ASA can be an all in one... if you buy the various modules, right? I'm really not very familiar with this stuff.

                Just relaying info. I've actually never used Cisco equipment as of yet.... except to pick up an ISDN router and put it in a box.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com



                • #9
                  Re: Anybody worked on Cisco ASA ?

                  Hi JeremyW,

                  It would make sense to me that the PIX would be discontinued as the ASA does all of that and more. It doesn't make sense to sell two competing boxes with one of them being far superior, especially if they are similarly priced.

                  It is interesting to hear that Cisco is finally saying that. The last I heard was when the ASA first came out and they said that they had no plans to discontinue the PIX (which seemed illogical to me).

                  Yes, I believe that the ASA can be "all in one" if you buy all the modules. Now, the definition of "all in one" may be different from Cisco to another vendor. For my production firewall, I have been using a Fortinet box because it performs the all in one functions (firewall, IPS, AV) but also did content filtering and did it all in a fast ASIC-based box for less cost than the Cisco ASA. I am curious to see if the ASA can match up one day or if Cisco just ends up buying Fortinet instead.

                  Thanks for your info on this!

                  -David


                  • #10
                    Re: Anybody worked on Cisco ASA ?

                    Originally posted by theterranaut
                    What a revelation! I think Cisco have finally created a GUI for the PIX/ASA that does the hardware justice, and one you could probably use every day without fear of it letting you down at the wrong moment. You still need to know how the PIX works- you can still create a config that looks like it should do something but doesnt- but its a major improvement.

                    ASDM is fairly useless on a PIX with any degree of complexity to the config. It's slow too - I can type way faster than I can click and wait.
                    Thanks,
                    Brian Desmond
                    Microsoft MVP - Directory Services
                    www.briandesmond.com



                    • #11
                      Re: Anybody worked on Cisco ASA ?

                      Brian-

                      The sad fact is that Cisco get slated (improperly, IMHO) in the firewall communities for a lack of GUI-ness, and had for some time been promising a 'proper' GUI that would make Checkpoint guys feel at home and want to migrate.

                      ASDM is it.

                      The company I work for specialise in Checkpoint->PIX 'wins' or migrations, and this is something that Cisco give us a lot of time and help to do. There's no way, in the timescales involved, that I can teach these admin guys the rudiments of the CLI for the PIX; they need that comforting 'clicking on stuff' to get them acclimatised. It's very important, politically, for Cisco that the ASDM is adopted and used. Us old-timers can use the CLI (I use nothing else for config and troubleshooting), but even the current exam literature makes great bones of ASDM, so it's here to stay.


                      I agree with what you say, and in helping out on these forums there's no way I could describe a 'click on this, click on that' scenario (as some of the MS forums seem to deal in solely!)- so all of my help is geared towards a CLI-based approach, and hopefully this teaches some of the forumites the underlying PIX principles. FWIW, at least the ASDM does not break configs when used, as PDM did. I could never trust it, and always left it installed with a note of caution for their admins: at least I now know that ASDM will not wreck my configs!

                      see you around-

                      theterranaut
                      Last edited by theterranaut; 1st January 2007, 13:35.
