Cisco ISRs offer firewall features through the Zone-Based Policy Firewall (ZPF) or the older Context-Based Access Control (CBAC). An ASA provides similar features, but its configuration differs significantly from that of an IOS router with ZPF.
The ASA is a dedicated firewall appliance, where the inside interface is typically considered the trusted network, and outside interfaces are considered untrusted. Each interface has a security level, which helps the ASA enforce security policies. For example, users on the inside network can access outside networks based on specific addresses, authentication, authorization, or by integrating with an external URL filtering server.
