Now that I answered the same question twice @ EE, it would be better that I bookmark it for the sake of others here;

So, the question is when it comes to a platform with Cisco to be a Firewall, do we use Cisco Router or Cisco PIX Firewall ? Both has a lot of similar feature set and the argument of using router as firewall instead of shelling more money on PIX/ASA ?

 

PIX (Packet Internet Exchange)

These are the firewall series from Cisco Networks (Now moving towards ASA). It is a hybrid firewall with capabilities of stateful firewall, Application proxy etc. The way it works is known as ASA (Adaptive Security Algorithm). This gear is specifically meant for doing firewall functions to much higher level

http://www.examcram2.com/articles/article.asp?p=101741&seqNum=4&rl=1

Cisco Routers

These are general routing engine which is made with different types of interfaces supporting routing in big scale. For example, pix can support only primitive level of routing but Cisco Routers can run almost all routing protocols that are available now. Now if you ask whether the firewall functionalities can be done by these routers? YES. Special image needs to be used and a Cisco Router can work as a vpn endpoint and a firewall. This is called CBAC (Context Based Access Control)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdcbac.htm#wp1000981

So what is the difference. The numbers of throughput, while Routers are meant to have different idea the PIX is made only for the firewall functions. So firewall related outputs (VPN, Encryption speed etc..) are high in the PIX.

If VPN is only what you’re looking at then probably a Cisco Router would do, but *encryption speeds* matter, with PIX/ASA it would be much faster.

As well, application awareness is more in PIX/ASA than a normal Router. You could turn a router into a firewall but it is good only for layer 3 and layer 4 traffic to a major extent, while ASA or PIX would do more that that.