Cisco ASA 1000V Cloud Firewall

oscar cordero
Level 1

My client wants to secure the traffic between the corporate LAN and the servers. They have an architecture with Nexus 5000 and FlexExtender 2000. I attached the network architecture. We are thinking of implementing the "ASA Service Module" in the core switch 6500, but the ASA multiprotocol firewall throughput is only 16 GB, and we have 40 GB between the Nexus 5000 and the CORE 6500, and 20 GB between the CORE 6500 and each of the two access switches. So the client thinks this firewall in the middle can bring down the performance between users and servers from 40 GB to 16 GB.

Can we do the security another way? For example, the "Cisco ASA 1000V Cloud Firewall": can this be compatible with the Nexus 5000 and 2000, and how would the architecture change physically and logically? I don't know anything about this ASA 1000V, but if it is feasible, and the throughput is better or more scalable, or the implementation is easier, or it is recommended by Cisco instead of the "ASA Service Module", I can start to learn about it.

The client has 24 physical ESXi servers.

[Attachments: N5k and SW6500.png, accessswitch and sw6500.png]

Thank you in advance.

1 Reply

plotniku7
Level 1

Hi Maucorpat,

So, let's think. If all your servers will be on ESXi with Nexus switches on them, you might be able to make this. You can group ASA1000V in a pool of resources, and using VNMC you will be able to distribute ASA1000V resources per server groups. You will need a firewall per ESX, in order to have traffic optimized. VSG is optional. It can help filtering per VM access based on name or other VM details, not based on IP.

With VNMC you can make the same policies and apply them to a pool of firewalls across all ESXi.

Together with ASA1000V you will need VSG and Nexus 1000V and VNMC.

Below you can find capabilities for ASA1000V:

Cisco ASA 1000V Cloud Firewall Performance Capabilities

| Feature | Cisco ASA 1000V Cloud Firewall |
| --- | --- |
| Maximum Firewall Throughput (max) | 1.2 Gbps |
| Maximum Firewall Throughput (multi-protocol) | 400 Mbps |
| Maximum Concurrent Sessions | 200,000 |
| Maximum Connections per Second | 10,000 |
| VPN Throughput | 200 Mbps |
| Maximum VPN Tunnels | 750 |

If you do not trust virtual networking, you should go with physical devices: a pair of ASA 5585-X with SSP60 connected in a cluster and configured with port channels.

The 5585-X firewall allows 20 Gbps of firewall traffic, but clustering will increase it by a formula.