Cisco Firewall :: Difference Between ASA 825 And 841
May 25, 2011
I am building 20 pairs of failover firewalls for work and I was wondering from the users of the new code 8.3 - 8.4 if there is anything to watch out for. I know NAT changes from 8.2x to the newer 8.3 - 8.4 lines but would like to hear about real world thoughts on it.
I am working on my CCIE-Security on the side and right now the lab uses 8.2 but I am a good 6 to 9 months out, so I wonder if there will be a change in the lab to 8.3 before I try to go take it, what code to load and use on the production boxes.
I recently inherited a Cisco 2911, that appears to have had Firewall rules imported into Externally Defined Rules. ACLs are currently allowing/disallowing traffic. However, there are no firewall rules configured. To meet compliance we need to have Packet Level Inspection (Firewalled) rules. There are two areas in the router, under ACL area, and under Security. What is the difference between these two Firewall areas? Are both areas providing packet level inspection? Can I build Firewall rules (within the Security area) to replace the ACLs?
I have ISA Server 2006 SP1 and I can install much good software for management of the network, like GFI Web Mon, SoftPerfect Bandwidth Manager and many more.
And I have an ASA 5520 AIP-SSM module, so what security management can the ASA give and what security features does it have? Also, I will convert my network firewall from MS ISA to Cisco ASA.
We are moving from a different vendor to ASA 5520s. So far my "training" for Cisco consists of a Cisco Press book, some white papers and guides, this website, and a bunch of mistakes. So, I have what is probably a pretty basic question for most folks.
What is the difference between Firewall Access Rules and ACL/ACE? And when to use which?
For example: on my ASA 5520s I've set up an interface for my internal LAN: 172.16.x.x, a DMZ 192.168.2.0/24, and an interface for the Internet side. The 5520 is set up as a routing firewall between my internal LAN, DMZ, and Internet.
If I want to allow my internal users Internet access for http and https would I use a Firewall Access rule? For most of my rules allowing outbound access from my 172 LAN and DMZ and inbound access to devices in my DMZ can I mostly utilize the Firewall Access Rules?
Do you think there would be a visible (or negligible) difference in internet speed if I used a hardware firewall as opposed to the router's inbuilt firewall? So assuming that all switches/ports were Gigabit Ethernet compatible (including the firewall itself), would it be a better idea to turn off the router/modem's firewall and use the hardware firewall, or would it be best to just stick with the router firewall? The reasoning behind this is that I'm not a big fan of Netgear... or their firewall system. After recent DDoS attacks (and IP address changes), I've decided to put a computer that was lying around to good use - Use it as a (Linux) firewall. iptables, here we come. - Yes, the Netgear router (CVG824G) has died a few times. Probably going to get upgraded to a NG CG3000, which uses (more or less) the same firewall system, I assume.
What's the difference between VPN Plus license and Security Plus license? I have a new 5520 shipped with VPN Plus license. Also, does it require a separate license for AnyConnect for Mobile and AnyConnect Essentials?
The ASA 5510 has two models, Bun-K9 and Sec-Bun-K9. From the datasheet I found out the differences are port related and redundancy. My question is: is there any major difference in security services between the two models?
I need to set up a VPN connection between two branch offices and the main office (three nodes). From the specs it looks like CISCO881-K9 can do the job. What is the main difference between CISCO881-SEC-K9 and CISCO881-K9? Is the Advanced IP security feature set required?
Although I know the difference between the 802.11a and 802.11g standards, I am just confused about this. Both standards have originated from OFDM and provide a maximum data rate of 54 Mbps. They have almost similar features and the only difference is the frequency range they work on, i.e. 5 GHz and 2.4 GHz respectively. If they both have so many similarities then why are there 2 different standards - a and g? Just because the frequency bands are different?
I have connected Huawei switch with Cisco switch using one single fiber with LX SFP. The port is up on one side (Blinking on Huawei side) and down on Cisco side..
SPA-1X10GE-WL-V2 and SPA-1X10GE-L-V2. I'm looking to add ASR 1002s for my internet edge and I need 10GE interfaces on them. Is there a difference between those 2 I've listed?
I am pursuing a case of Cisco 7600 where the customer has asked me to highlight the major difference between the new ES20 line cards and the SIP 400 cards.
I found an 851 router and tried to build an EzVPN tunnel. The issue I am running into now is that an 851 router can only have one VLAN in its database. I need two VLANs to go into the EzVPN tunnel with using another device. So can you tell me if an 881 router can have more than one VLAN created on the router, and can those VLANs be assigned to an interface, and can I create an SVI for each of those VLANs as well?
I have a problem in understanding how LLQ is implemented in different platforms of Cisco. QoS should kick in only when there is congestion in the link irrespective of queueing / scheduling (LLQ and CBWFQ). But in certain platforms like GSR and IOS-XR, LLQ is configured only with the priority and police commands, not with the "priority percent <value>" command. With the priority and police commands, since a policer is used, LLQ is always on even when there is no period of congestion. Of course with police you can re-mark the exceed traffic to a different marking but that's not the requirement in my case.
In platforms like 7206, LLQ is configured with "priority percent <value>" which works ideally only when there is a period of congestion. When there is no congestion, the LLQ class can scavenge from other classes as well. I would like to know whether there is any specific reason why there is a difference in the implementation of LLQ between different platforms of Cisco.
I want to make a career in networking. What does 3G stand for? Is it different from 1G or 2G except that the speed is higher than the above two? And nowadays the USB modems that come out say 3G and also there are two kinds of speed, 3.6 Mbps and 7.2 Mbps. How come there is such a huge difference under the same kind of connection standard? And when 3G came out there was a lot of hype.
When I start a web browser based application with a URL beginning with the 192 IP address, it runs as it should, including the script dbscript.php which executes a MySQL commit unit. However, when I start the application with the same URL but beginning instead with "localhost", it fails during the commit unit. It puts a blank screen up (rather than a Successful or Failed commit screen) and leaves an error message in the Apache error_log indicating a problem with dbscript.php (which does the commit). I assume the 192 IP address is that of my modem. I assume that because the application will not start with the 192 URL if the modem is switched off. The application will start whether the modem is on or off if the URL begins with "localhost". I have checked all hosts files that are on the system and see nothing amiss there -- they are all defaults and no changes have been made by me.
Configuration:
Mac OS X v. 10.6.8, Apache v. 2.2.21, PHP v. 5.3.8, MySQL v. 5.1.39