Tuesday, July 26, 2011

The differences between ASA/PIX OS & Router IOS

Just to name a few major differences between a Cisco router and a Cisco firewall:

1. Everything is allowed on a router unless you filter it, but on a firewall nothing is allowed unless you permit it,

e.g. the outside interface of a PIX/ASA does not allow any inbound traffic unless an inside host requested it (return traffic for a connection the firewall already tracks).

2. PIX/ASA assigns each network interface a security level (by default, traffic may only flow from a higher-level interface to a lower-level one), while router interfaces have no such distinction.

3. You cannot traceroute or Telnet from a PIX/ASA.

4. Router access-lists are written with wildcard masks, while PIX/ASA access-lists use subnet masks instead of wildcard masks.

5. On a PIX/ASA you can enter EXEC commands while in config mode, whereas on a router you need the "do" prefix to achieve the same result.

6. On a PIX/ASA the "ip" keyword is used far less than on a router, because the firewall is designed for securing IP traffic,

e.g. "show ip route" becomes "show route".


7. On an IOS router, dot1q-tagged traffic is configured with the "encapsulation" command (in interface mode), while on a PIX/ASA you use "vlan vlan-number".

8. Most of a firewall's configuration lives in global configuration mode, because of its policy framework, while on a router you spend much more time configuring interfaces.

9. CDP is not allowed/running on an ASA/PIX.
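Point 4 (wildcard masks on the router versus subnet masks on the firewall) is where hand-migrated ACLs most often go wrong, so here is an added example, not part of the original post, that rewrites IOS numbered extended ACL entries into ASA extended ACL syntax. The sample entries and the ACL name OUTSIDE_IN are constructed for illustration; the converter refuses non-contiguous wildcards, which a firewall netmask cannot express.

```python
import ipaddress

# Constructed sample IOS numbered extended ACL entries (not from the original post).
IOS_ACL = [
    "access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 443",
    "access-list 101 deny ip 172.16.0.0 0.0.255.255 any",
    "access-list 101 permit tcp host 192.0.2.20 eq 25 any log",
    "access-list 101 permit ip 10.0.0.0 0.0.255.0 any",  # non-contiguous wildcard
]
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operator -> argument count

def wildcard_to_netmask(wildcard: str) -> str:
    """Invert an IOS wildcard mask into the subnet mask PIX/ASA syntax uses. A netmask
    must be a contiguous run of ones, so 'don't care' bits in the middle are rejected."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix_len = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF:
        raise ValueError(f"wildcard {wildcard} is not contiguous; no ASA netmask equivalent")
    return str(ipaddress.IPv4Address(mask))

def _take_address(tokens: list) -> str:
    """Pop one IOS address spec (any | host A | A wildcard) and return the ASA form."""
    first = tokens.pop(0)
    if first == "any":
        return "any"
    if first == "host":
        return f"host {tokens.pop(0)}"
    return f"{first} {wildcard_to_netmask(tokens.pop(0))}"

def _take_ports(tokens: list) -> str:
    """Pop an optional port qualifier; ASA uses the same eq/neq/gt/lt/range words."""
    if not tokens or tokens[0] not in PORT_OPS:
        return ""
    n = 1 + PORT_OPS[tokens[0]]
    spec = " ".join(tokens[:n])
    del tokens[:n]
    return spec

def ios_to_asa(line: str, acl_name: str = "OUTSIDE_IN") -> str:
    """Rewrite one IOS numbered extended ACL entry as a named ASA extended ACL entry."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not an IOS extended access-list entry: {line}")
    rest = tokens[4:]  # everything after action and protocol, consumed left to right
    parts = [tokens[2], tokens[3], _take_address(rest), _take_ports(rest),
             _take_address(rest), _take_ports(rest)] + rest  # leftover words such as 'log'
    return f"access-list {acl_name} extended " + " ".join(p for p in parts if p)

if __name__ == "__main__":
    for entry in IOS_ACL:
        try:
            print(ios_to_asa(entry))
        except ValueError as err:
            print(f"! skipped: {err}")
```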