«

Cisco ASA 5500 Series Enterprise Editions
Cisco ASA 5500 Series Firewall Edition for the Enterprise
Cisco ASA 5500 Series Anti-X Edition for the Enterprise
Cisco ASA 5500 Series IPS Edition for the Enterprise
Cisco ASA 5500 Series VPN Edition for the Enterprise

Hmm ...so many version.. I need firewall/VPN peer/site to site VPN...

when I check their parts # ASA5510-BUN-K9 is available for both vpn and
firewall edition..

Are they actually the same ?

Dave

Peter Simons wrote:
> X-No-Archive: yes
>
> Cityexplorer wrote:
> > delgrun...@gmail.com wrote:
> >
> >>Yes. Don't buy one. Get the ASA 5500. A 5510 would be comparable.
> >
> >
> >
> > too bad that it's out of our budget..
> >
> > Yes means it will fit our needs?
> >
> > Dave
> >
> Your sure
> http://www.s2s.ltd.uk/product/cisco/...sme_firewalls/
> PIX-515E-R-DMZ-BUN Cisco PIX 515E Chassis including Restricted software
> and 3 Fast Ethernet Ports. £ 1,420.00
>
> http://www.s2s.ltd.uk/product/cisco/...ries_solution/
>
> ASA5510-BUN-K9 ASA 5510 Appliance w/ SW, 50 VPN Peers, 3 FE, 3DES/AES £
> £1310.00
>
>
>
> I know their uk prices but for similar products they are similar price.
> If their is no legacy reasons to go Pix I would go ASA
>
> (And recently have bought one to )

Hi Dave,

You may wish to investigate the Refurbished Cisco PIX Firewall Guide:

http://www.bradreese.com/refurbished...-firewalls.htm

As well as List Pricing and Availability of Refurbished Cisco PIX
Firewalls:

http://www.bradreese.com/cisco-inventory-search.htm

Sincerely,

Brad Reese
BradReese.Com - Cisco Repair
http://www.bradreese.com/cisco-big-iron-repair.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
BradReese.Com - Cisco Technical Forums
http://www.bradreese.com/cisco-technical-newsgroups.htm

Cityexplorer wrote:
> Thanks for your precious information. Price in Canada is about $3235CDN
> which is cheaper than the 515E.
>
> Before I look into the details doc, what is the major advantage of
> ASA5500 over 515E?

The ASA product line is the replacement for the Pix 500 series product
line. The replacement for the 506 and 501 was introduced a week or so
ago (ASA 5505), as was the replacement for the 535 (ASA 5550). I would
expect Cisco to announce the EoL/EoS for the remaining 500 series
products in the next 6 months.

The ASAs have more encrypted and non-encrypted throughput. The ASA has
feature cards that can do virus filtering, spam filtering, phising and
other content filtering, IPS, and all sorts of other useful stuff.

Go through Cisco's website and compare the two products:

http://www.cisco.com/en/US/products/ps6120/index.html
http://www.cisco.com/en/US/products/...030/index.html

The Pix 500 series isn't listed on the main page under Security
anymore. You have to dig deeper to find any mention of them.

You could buy a Pix but it will cost you more and give you less. It
would be comparable to buying that really nice quad-PIII server you've
wanted for years for $10k when you could buy a quad-dual-core Xeon for
a couple grand less. Go with the ASA.

J

One thing to remember is the PIX won't route between VPN tunnels. That is,
if remote-site-1 is connected to HQ and remote-site-2 is also connected to
HQ, then the two remote sights can't reach each other. The same is true for
VPN clients. They will access HQ fine but can't access the networks at
either remote site or each other. The simple fix for the remote sites is to
have a tunnel between them. As for the clients....well they don't usually
need to reach the other clients and really should be connecting to the site
they need to reach anyway.

Does the ASA 5500 series have this same "Feature"?


"www.BradReese.Com" <> wrote in message
news: oups.com...
> Hi Dave,
>
> You may wish to investigate the Refurbished Cisco PIX Firewall Guide:
>
> http://www.bradreese.com/refurbished...-firewalls.htm
>
> As well as List Pricing and Availability of Refurbished Cisco PIX
> Firewalls:
>
> http://www.bradreese.com/cisco-inventory-search.htm
>
> Sincerely,
>
> Brad Reese
> BradReese.Com - Cisco Repair
> http://www.bradreese.com/cisco-big-iron-repair.htm
> 1293 Hendersonville Road, Suite 17
> Asheville, North Carolina USA 28803
> USA & Canada: 877-549-2680
> International: 828-277-7272
> Fax: 775-254-3558
> AIM: R2MGrant
> BradReese.Com - Cisco Technical Forums
> http://www.bradreese.com/cisco-technical-newsgroups.htm
>



--
Posted via a free Usenet account from http://www.teranews.com

In article <44bfad39$0$2203$>,
RC <rcohen _ "at" _ cominc _ "dot" _ net remove all _ and spaces> wrote:
>One thing to remember is the PIX won't route between VPN tunnels.

It will in 7.x (if so configured), which is the version PIX 515E are
sold with now.

X-No-Archive: yes

Walter Roberson wrote:

>
> At that point, you are into cost/risk analysis. Historically there
> have been ways to "vlan hop", to trick routers or switches to
> deliver packets sourced in one vlan over into a different vlan.
> There haven't been any recent issues about that (at least not on
> reputable equipment), so it becomes a matter of risk: what is the
> probability that someone will develop a -new- vlan hopping attack,
> and what is the probability that someone will be able to (and choose to)
> exploit that attack against your network; and is the probability
> of success over a given time interval worth the extra cost?

Reasons Do not always have to be technicail they can be management Etc.

The firm may have a policy that the DMZ is on a separate interface.
Could just be the MD's bee in the bonnet. It could be its a small
organisation with the person resonsible not confident at setting up
Vlans securly.

Peter