This is a multi-part message in MIME format.

--===============1808483059==
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_005C_01C6F460.FC75BC90"

This is a multi-part message in MIME format.

------=_NextPart_000_005C_01C6F460.FC75BC90
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit



Jerry, not being smart here, but why not purchase a firewall with the
features you want and save a little $$$, and keep the performance that you
desire. Sounds to me like you are a Cisco guy. I would look at the Pix. I
like it and have great flexibility as my topology changes. Just a thought on
a Friday close to quitting time.

Sincerely, Richard



_____

From: firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of Jerry
Gardner
Sent: Thursday, October 19, 2006 3:52 PM
To: firewall-wizards@listserv.cybertrust.com
Subject: [fw-wiz] Cisco 2811 vs. ASA 55xx



I just bumped the speed of my DSL connection up to 6MBps and want to replace
my existing FW/router box with something with higher performance and more
robustness.

I'm thinking of either a Cisco ASA (5505 or 5510) or a Cisco 2811 router. If
I go the 2811 route (forgive the pun), I'll get the Advanced Security (with
IOS Firewall) feature set.

I like the versatility of the 2811 since I can get an ADSL card to plug in
and replace my external modem, but I'm not sure it has enough performance.
According to the Cisco data sheets I've read, the 2811 throughput is 61.44
Mbps. Is this real-world throughput with Firewall rules, NAT, and VPN
connections active, or is it with everything turned off? A report I read
said the real-life throughput is more like 2x T1 lines. This is only 3 Mbps.
Who is correct here? If I have a reasonable number of firewall rules active
(using the new zone-based firewall features in IOS 12.4), NAT, and
terminating a VPN connection or two, will my 6 Mbps line overtax the 2811?

The ASA 5510, on the other hand, is rated for 300 MBps. This seems like a
vast improvement on the throughput of the 2811. Is the lack of flexibility
of the ASA justified by the higher performance?

How do the firewalling features of IOS Firewall (the new, improved version
in 12.4T) compare with those of the ASA?





------=_NextPart_000_005C_01C6F460.FC75BC90
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns=3D"urn:schemas-microsoft-comfficeffice" =
xmlns:w=3D"urn:schemas-microsoft-comffice:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">










color=3Dnavy face=3DArial> style=3D'font-size:10.0pt;font-family:Arial;color:navy'>>=



color=3Dnavy face=3DArial> style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Jerry, not being =
smart
here, but why not purchase a firewall with the features you want and =
save a
little $$$, and keep the performance that you desire. Sounds to me like =
you are
a Cisco guy. I would look at the Pix. I like it and have great =
flexibility as
my topology changes. Just a thought on a Friday close to quitting =
time.>>



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Sincerely, =
Richard>>



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>>





size=3D3
face=3D"Times New Roman">






style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:
size=3D2
face=3DTahoma>
firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] style=3D'font-weight:bold'>On Behalf Of
Jerry Gardner

Sent: Thursday, October =
19, 2006
3:52 PM

To: =
firewall-wizards@listserv.cybertrust.com

Subject: [fw-wiz] Cisco =
2811 vs.
ASA 55xx
>>





style=3D'font-size:
12.0pt'>>



face=3D"Times New Roman">I just bumped =
the speed
of my DSL connection up to 6MBps and want to replace my existing =
FW/router box
with something with higher performance and more robustness.



I'm thinking of either a Cisco ASA (5505 or 5510) or a Cisco 2811 =
router. If I
go the 2811 route (forgive the pun), I'll get the Advanced Security =
(with IOS
Firewall) feature set.



I like the versatility of the 2811 since I can get an ADSL card to plug =
in and
replace my external modem, but I'm not sure it has enough performance.
According to the Cisco data sheets I've read, the 2811 throughput is =
61.44
Mbps. Is this real-world throughput with Firewall rules, NAT, and VPN
connections active, or is it with everything turned off? A report I read =
said
the real-life throughput is more like 2x T1 lines. This is =
only 3
Mbps. Who is correct here? If I have a reasonable number of firewall =
rules
active (using the new zone-based firewall features in IOS 12.4), NAT, =
and
terminating a VPN connection or two, will my 6 Mbps line overtax the =
2811?



The ASA 5510, on the other hand, is rated for 300 MBps. This seems like =
a vast
improvement on the throughput of the
2811. Is the lack of flexibility of th=
e ASA justified by the higher performance?




How do the firewalling features of IOS Firewall (the new, improved =
version in
12.4T) compare with those of the ASA?





>>









------=_NextPart_000_005C_01C6F460.FC75BC90--


--===============1808483059==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1808483059==--