The IPS feature does slow it down. Of course the more you do with the
packets, the slower it will get. I'd still recommend the ASA with the
SSM though. For the 5510, here is the specs:


Firewall throughput Up to 300 Mbps

Concurrent threat mitigation throughput (firewall + IPS services)
=95 Up to 150 Mbps with AIP-SSM-10
=95 Up to 300 Mbps with AIP-SSM-20

VPN throughput Up to 170 Mbps


If 150 Mbps is okay, go with the SSM-10. Otherwise, the SSM 20 hardly
slows it down.

I think the ASA is a huge leap from the PIX and would suggest the ASA
over the PIX.

On 12/4/07, John G. wrote:
> hello list,
> we are currently running Cisco PIX 515E's with 128 Megs of RAM. the prob=

> is their CPU's are getting up to high 80% usage. gone through a bunch of
> troubleshooting things and i think it is just time to upgrade.
> my question is do the IDS/IPS features of the ASA make it kinda slow? i
> would hate to have us upgrade to these devices just to find us in the same
> spot. what do people think of the ASA's as compared to the vaunted PIX?
> we were thinking of getting this model: Cisco ASA5510-SEC-BUN-K9
> thanks much,
> jg
> _______________________________________________
> firewall-wizards mailing list

firewall-wizards mailing list