----- Original Message ----- From: "Dylan Ebner" <dylan.ebner@crlmed.com> To: "srg" <srgqwerty@gmail.com>; <nanog@nanog.org> Sent: Tuesday, November 02, 2010 12:42 PM Subject: RE: BGP support on ASA5585-X
IMHO, I don't think this is a marketing issue for cisco. It's a design issue. PIX/ASA is good at some things, and bad at others. They have >never been good as routers. You have to remember, EIGRP didn't even come to the security line until 8.0 code and they still do not support >traffic shaping. >These services use memory and cpu resources which can dramatically reduce your ability to get through very long access >lists.
I am not positive on the ASAs, but I seem to remember that the routing features on the PIX was all done in software. If that is still true >today, I can't imagine you could effectively perform stateful inspection, access
What do you consider very long access lists? Are you aware of how ASAs handle ACLs internally? lists, maybe VPN services, and BGP for a 100Mb+ internet >connection on even a 5585. They just aren't that powerful. Although the ASAs do not support BGP, a ASA5505 will support a 100mbps internet connection. The list price on that is around $700. Stating a $100k+ firewall doesn't support a 100mbps internet connect today is...1990. tv