ASA5520 recommended for IDS appliance?

Status
Not open for further replies.

shunsing

MIS
Jan 23, 2003
5
US
Cisco is pushing the ASA5520 on us to replace the IDS4250 device we currently have. Other than the version upgrade (which I think could be done on the 4250) I don't see the benefit for us. We don't need to utilize the other functions provided by the ASA (PIX, VPN, etc.), only the IDS. I repeat, we have no need to use the other stuff. Placing it inline with our current failover bundle of PIXen doesn't give me a warm and fuzzy since I'm not sure if there is anything built into the ASA to prevent single point of failure. Additionally, we use fiber from core to PIX, the ASA we have is copper only. They are having a hard time figuring out the ASA on a 'stick' configuration... I'm left thinking this is a device for smaller organizations who need all the functionality in one. Not a good option for IDS/IPS only???
 
If you feel that your current IDS is enough I don't see any reason to get the ASA. The IPS/IDS module on the ASA is far better than the 4250. It's easier to configure and the reporting is much better. If you feel that the 4250 still does its job then stick to it.
 
For the stick config, it will only do IDS. To have it do IPS, you will need it inline. One thing is that you can have it fail to open so that in IPS mode if it fails, it will just pass along all traffic. As with anything, if it is one piece of hardware you have one point of failure.


Brent
Systems Engineer / Consultant
CCNP, CCSP
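
The IDS-versus-IPS and fail-open choices discussed in the replies above, as an added configuration sketch that is not part of the original thread. It assumes an ASA with the AIP-SSM inspection module installed; the names IPS_TRAFFIC and IPS_CLASS are hypothetical.

```cisco
! Added example: names IPS_TRAFFIC and IPS_CLASS are hypothetical.
! Select the traffic that should be handed to the inspection module.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
policy-map global_policy
 class IPS_CLASS
  ! Exactly one "ips" line is active per class. The alternatives are:
  !
  ! IDS only: the module receives a copy of the traffic and can alert,
  ! but it is not in the forwarding path.
  !   ips promiscuous fail-open
  !
  ! IPS, failing closed: matched traffic is dropped while the module
  ! is unavailable, so a module failure becomes an outage.
  !   ips inline fail-close
  !
  ! IPS, failing open: matched traffic is forwarded uninspected while
  ! the module is unavailable. Connectivity survives, inspection does not.
  ips inline fail-open
!
service-policy global_policy global
```

Fail-open covers a failure of the inspection module only; the ASA chassis itself remains a single piece of hardware in the path.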
 