Cisco ASA 5500 Series Appliances

NathanBWF

Anyone have Cisco 5500 series device(s) deployed in their network? If so I'd like to know what you think about them as I would like to replace our current Watchguard Firebox in 2007. I'm also interested in the AIP and CSC modules for it.

Any and all comments/reviews would be greatly appreciated! :beer:
 

Cooky

We're replacing our Pix515E's w/ ASA5550s.
They're not yet on the production network so I can't really tell you what I like or dislike about it, but it looks promising.

I'm not sure which model of Firebox you have, but this one I've used before didn't perform up to our expectation. It had to be reset every once in a while, and the VPN client software was acting up too...
 

spidey07

What's the interface like for the ASA appliances? Never messed with one.

But I despise PIX for any decent size rule base. I don't do much of the management of them but it's godawful ugly.
 

azev

At my previous contract job we used these (5540) with aip-20 card I believe.
Like Cooky said, the OS (7.0) is still kinda buggy, but the hardware looks very promising.
Definitely much much more powerful than the 535 PIX, but yet in smaller form factor.
A good all in one hardware for multiple services such as firewall, VPN endpoint, and SSL VPN, IDS.
We used 2 of the 5540 for edge firewall in failover mode, and another layer of fw blade on our 6509.
 

NathanBWF

Originally posted by: Cooky
We're replacing our Pix515E's w/ ASA5550s.
They're not yet on the production network so I can't really tell you what I like or dislike about it, but it looks promising.

I'm not sure which model of Firebox you have, but this one I've used before didn't perform up to our expectation. It had to be reset every once in a while, and the VPN client software was acting up too...


Firebox 1000.

And yes, I hate it. A lot of the time when you make any type of change, it will require a reboot. We've had VPN issues with it too. All in all, I'm not very impressed with it.
 

Boscoh

The last version I played with in a production network was 7.2 on a 5510 at my last job. It was very, very stable. We replaced a 515 with it. The initial release, 7.0, was incredibly buggy. The bugs were fixed rather quickly though.

I have only played with them in the lab since then. Stateful failover works very well, as does active/active FO w/ load-balancing. The new 7.x code is very similar to IOS, with class-maps, policy-maps, and service-maps controlling most of the advanced features.

You may want to consider comparing the ASAs to the Cisco Integrated Services Routers (ISRs).