At first glance, both devices provide everything you need for a task such as securely connecting an office to the Internet: there is routing (static, dynamic, PBR) as well as NAT address translation; you can have two or more providers (IP SLA and BGP are supported); there are firewall functions. If necessary, you can set up a VPN on both devices (site-to-site and remote-access). Both support NetFlow for traffic statistics. If you need NGFW (next-generation firewall) or NGIPS (next-generation intrusion prevention system) functions, they are available on both the ASA and the router. Thus, in general, both devices have relatively similar functionality (I note again that we are talking only about traffic routing and security technology).

Moreover, from time to time functionality migrates from one device to the other, which makes choosing a solution harder. For example, advanced SSL VPN features have always been the domain of the ASA, but over time many SSL VPN functions appeared on the router (clientless mode, smart tunnels, etc.). The ability to capture packets on interfaces (packet capture) was likewise supported only on the ASA for a long time. The same goes for the constructs used when configuring ACLs: objects (Object Groups), which let you group IP addresses, networks and network services. All of this gradually made its way into the router OS. The same thing happened in the opposite direction: the ASA gained support for the BGP protocol, policy-based traffic routing (Policy-Based Routing), and so on.

Therefore, the choice in favor of one solution or the other is far from always predetermined. As usual, the devil is in the details.