BGP support on ASA5585-X
Tony Varriale
tvarriale at comcast.net
Fri Nov 5 20:47:07 UTC 2010
----- Original Message -----
From: "Dylan Ebner" <dylan.ebner at crlmed.com>
To: "srg" <srgqwerty at gmail.com>; <nanog at nanog.org>
Sent: Tuesday, November 02, 2010 12:42 PM
Subject: RE: BGP support on ASA5585-X
> IMHO, I don't think this is a marketing issue for cisco. It's a design
> issue. PIX/ASA is good at some things, and bad at others. They have >never
> been good as routers. You have to remember, EIGRP didn't even come to the
> security line until 8.0 code and they still do not support >traffic
> shaping. >These services use memory and cpu resources which can
> dramatically reduce your ability to get through very long access >lists.
What do you consider very long access lists? Are you aware of how ASAs
handle ACLs internally?
>I am not positive on the ASAs, but I seem to remember that the routing
features on the PIX was all done in software. If that is still true >today,
I can't imagine you could effectively perform stateful inspection, access
lists, maybe VPN services, and BGP for a 100Mb+ internet >connection on even
a 5585. They just aren't that powerful.
Although the ASAs do not support BGP, a ASA5505 will support a 100mbps
internet connection. The list price on that is around $700.
Stating a $100k+ firewall doesn't support a 100mbps internet connect today
is...1990.
tv
More information about the NANOG
mailing list