About this blog

This blog is basically aimed at sharing some thoughts about the following topics:

  • Network Security
  • Routing Protocol Design
  • MPLS Networks Design

Given that work is part of life but not life itself, I will eventually promote a breach of protocol and write about other topics of personal interest. Likely subjects in this category are Mathematics, Wine tasting and Human Personality. These off-topic texts will be categorized as Personal_Interest.



Filed under Off Topic

2 responses to “About this blog

  1. Michael

    Alexandre,… your work and your work ethic are both phenomenal. Thanks for sharing so much … I was wondering two things:
    1) Would you be willing to share your own feelings regarding the pro’s and cons of using an ASA versus, using an ISR configured with a ZBF? [Why would you choose one tool versus the other?]

    2) Is there any type of reliable alogrithm that you’re aware of for translating semi-consistent operational configurations between an ASA and an ISR w/ZBF?

    Thanks again for your great work.

    Michael, CCNA-S, CISSP

    • Michael,
      Thanks for the comment. Regarding your questions:
      1) For branch deployment, I think Cisco ISRs with ZFW are a great choice. ISRs have tons of connectivity options (features
      and interface types), routing functionality, multicast, telephony technologies, WAAS and much more. If you think about VPN even better (classic IPSec, EasyVPN, DMVPN, GET VPN,…) And if you consider the typical performance needs of a branch, ISR numbers are (most of the time) more than enough. ASA is a great product and a proven choice (with both functionality and performance in mind). Two classic comments I hear about ASA are: robust and reliable. There are lots of development going on and, as such, stay tuned !
      2) Not an algorithm exactly… But I think one interesting possibility would be to import the config of one product with Cisco Security Manager (CSM) and deploy on the other. The CLI abstraction provided by CSM would be helpful. (Take a look at Chapter 4 of my book: “Learn the Tools. Know the Firewall“. There is a discussion about CLI and GUI integration on Cisco products).
      Hope it helps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s