PIX or ASA - Small Business

Hello Cisco Experts,

As a small business consultant I finally have to learn Cisco. Just enough to do the basic setup/configure (open/close ports, vpn site-site, port forwarding, etc) for small businesses. I've done alot of research the last few days between the PIX and ASA and I'm just not 100% sure which I should learn. I figure the best way for me to learn is to just get a book and some kind of virtual software CD etc... Here are my questions though:

1. For small businesses what version should I learn, PIX or ASA?

2. If I learn PIX, will I be able to walk into a client and configure ASA as well, and vice versa? (I read something about IOS 7.X on a PIX is the ASA version???)

3. Can someone please point me in the right direction on this confusing road I'm on? :)

I dont want to purchase training material and spend valuable hours learning PIX or ASA just to find out I should have chosen the other.

I have networking experience and can configure 3rd party firewalls and have some experience with ISA 2004 so I'm not a nebie in networking just a total newbie Cisco wise.

Any training material you have found to be valuable please let know.

Thanks for your support and feedback!!!
Who is Participating?
Jan SpringerCommented:
The pix 525 supports v7 and I would recommend ebay.

Make sure that they have the latest v7 code on it because code downloads from Cisco require a SmartNet contract.

If you can't get the latest code, check into the cost of SmartNet for software only -- the 525 and SmartNet may be less than an ASA.

Cisco has many firewall books.  I started out with www.cisco.com and www.google.com and used them for a long time before I purchased any books.
Jan SpringerCommented:
I've configured PIX v4, v5, v6 and v7 and Cisco IOS Firewall Feature set.  

I would think that if you learn ASA or PIX v7, you should be able to apply the concepts from one to the other.
Keith AlabasterEnterprise ArchitectCommented:
ASA would be the product of choice.

Firstly PIX is heading towards end of sale so soon you will have to change anyway.
Secondly, ASA provides far more functionality to your business.
Thirdly, ASA is not the new toy it once was - it is a proven and reliable paltform and is the recommended product of most professional groups these days.

Flip side
Firstly, Pix is still the best hardware-based firewall on the planet

No offence - I do ISA server and Cisco and they are not the same..... Concepts are similar but that is about all....
The smaller PIX such as the 501 and the 506 do not support version 7, they stopped at 6.3(5) and there are no plans to deploy it.
However, PIX and ASA have a graphical user interface (GUI) that can be used to configure them.


Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Jan SpringerCommented:
Booo to the GUI :)

He won't learn from that.

If this is a personal expenditure, it might be cheaper to find a PIX that supports v7 to start with.

There's nothing like hands on experience.  Then, he could find/buy documentation regarding the configuration of the ASA appliance.
Keith AlabasterEnterprise ArchitectCommented:
We all have our own view lol
tolinromeAuthor Commented:
Thanks guys.
So I guess ASA would be the way to go then. I definitely wouldnt want to learn from the GUI to start with at least.

So, If I buy a used PIX that supports version 7.X it will technically be using the ASA? Is that what you suggest?

ebay here I come...
tolinromeAuthor Commented:
btw - is having the knowledge of a ccna kind of required to learn all of this?
Keith AlabasterEnterprise ArchitectCommented:
ccna covers the basics of netowking including basic routing protocols, interconnecting devices etc. It is the basis that all other switching/routing exams etc are based on for the Cisco track but is relevant everywhere really. It is not a must but IS a great asset to CV and to knowledge.

No, I don't think the PIX is the same as ASA at all but as stated, this is just my view.
tolinromeAuthor Commented:
man im confused...
Jan SpringerCommented:
I don't have any cisco certifications.  You don't need them if you start with the basic concepts and application and go from there.

It's help to have an appliance to play with.

The PIX != The ASA
tolinromeAuthor Commented:
ok, can you guide me in which pix firewall applicance I should purchase and what version and if you know of any good book/cd's to go along with it ????

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.