ACL Firewall for a CISCO 2610 Border Router

on 18.02.2007 19:25:24 by djesser2

I'm doing some research on firewalls. Does CISCO recommend any
particular (commercial) firewall for a small organization that uses a
single 2610 for Internet connectivity?

Thanks.

Re: ACL Firewall for a CISCO 2610 Border Router

on 18.02.2007 19:45:58 by roberson

In article <1171823124.535381.98770@t69g2000cwt.googlegroups.com>,
wrote:
>I'm doing some research on firewalls. Does CISCO recommend any
>particular (commercial) firewall for a small organization that uses a
>single 2610 for Internet connectivity?

Urrr -- Cisco would probably recommend their own firewalls ;-)
There is the Cisco PIX series http://www.cisco.com/go/pix
and the newer Cisco ASA series http://www.cisco.com/go/asa

A 2610 could in theory keep a 10 megabit full duplex port
completely busy, if the traffic patterns were right, but
it wouldn't stretch much beyond that. A 2610 would, if I recall,
be aimed at about the 1 x T1 to 2 x T1 market. Is the organization
using VOIP or channelized T1?

Any of the PIX 500 models (that are still sold) can handle
10 megabits/s plaintext; the PIX 501 would be a bit tight if you
wanted to do VPNs at T1 or higher, but the rest of the PIX 500
(that are still sold) should be able to handle VPNs at those rates.

The choice of PIX model would depend on the number of internal users
you have; an entry PIX 501 is restricted to 10 users, with a
50 license available (that is usable up to about 20-ish active users
before you start hitting memory problems if your config is large).
The other PIX models do not have per-user limits, so if you have
more than 10 users then it often makes more sense to go for a 506E
than a PIX 501 + extended license.

The choice of ASA models depends upon load and upon features that
you want. The ASA 5505 is pretty much like the PIX 506E in
capabilities; the ASA 5510 and upwards start adding additional
facilities not available in any PIX.


These days I couldn't recommend getting a PIX 501 or 506E except for
home users or SOHO, as effectively software development has stopped
for those models. The 515E, 525, and 535 are still under full software
development. I haven't had an opportunity to work with the ASA series.