We try to price a PIX 515 R DMZ model today with our local provider in Madrid. They said they still could get the 515 but would rather sell us the ASA 5510 because according to them Cisco is fazing out the PIX line.
Is this true?
If I can configure the 515 without too many problems how easy/hard will the ASA 5510 be.
Are there real advantages to going with the ASA?
Would I be dumb to sick with the PIX?
Like I said we have certain experience with the PIX line and it has been our company standard. We don't have too much time to get trained on new equipment so we dont know who to believe.
Except for a few items not implemented on the ASA yet, the ASA uses the same command language as PIX 7.x.
Newer, faster, support for additional features, more likely to live on.
If you are starting from PIX 6, then ASA is noticably different -- but then so would be the PIX 7 that would arrive on the PIX 515E.
My understanding is that there are a couple of PIX 6 features that haven't -yet- made it into PIX 7 / ASA 7, mostly having to do with PPTP and L2TP.
But what you should watch out for is the pricing / licensing model. The ASA line has features that have to be licensed seperately, and optional modules. The brochures about what all is available on the ASA line are sales brochures, a bit blurry as to what is included in the base device and what you have to pay extra for.
Also, the top end ASA at the moment is (last time I checked) about twice as fast as a PIX 525, but substantially slower than a PIX 535. Check the performance ratings --- and check again if you intend to use any of the differentiating features such as the anti-X features, as those cannot keep up with the base firewall / VPN configurations.
I haven't checked the performance figures for a couple of months; my recollection is that the device corresponding in performance to the 515E is the model -after- the 5510.