

When the ASA 5506-X appeared there was much grumbling: “This is not a replacement for the ASA 5505, I need to buy a switch as well!” and “I have six ports on the firewall I can’t use” etc. While I understand that, if truth be told the ASA 5505 was SUPPOSED to be used in SOHO environments, where an all-in-one device (with PoE) was a great fit. The problem was, people started throwing them in everywhere; I’ve seen them in large businesses, and in data centres. Because it’s easier to sell a firewall that costs less than 500 quid than it is to sell a firewall that fits the network requirements! To ‘fix’ the problem would probably mean changing hardware, so Cisco gave us a BVI (Bridge Virtual Interface) instead, with version 9.7. Well, that’s not strictly true: Cisco ASA has had BVI interfaces in ‘transparent mode’ for some time. So on the ASA 5506-X with a default configuration, it ‘bridges’ interfaces Ge0/2 to Ge0/8 into one interface, which you can call the inside interface and give it an IP address.
