Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2052
Views
0
Helpful
2
Replies

FirePOWERS service configuration an existing ASA

KarimOUATTARA0210
Level 1
Level 1

‎06-22-2019 03:20 PM - edited ‎02-21-2020 09:14 AM

Hello Expert,

 

We have an ASA 5525 that was running since 1 year now.

we have purchased firewpower service licenses.

We are juste interested in ips part of that service.

 

My question is : can asa image still handle the access-list and forward the allowed packets to firepower services  ?

 

Regards,

Karim

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎06-23-2019 10:32 AM

yes your ASA works as usal like FW, if you like to use IPS Service you need add additional configuration to intercept the traffic

 

look at the configuration guides :

 

https://www.cisco.com/c/en/us/support/security/asa-5525-x-firepower-services/model.html#ConfigurationExamplesandTechNotes

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-24-2019 07:23 AM

When using a Firepower service module, the ASA continues to do everything it always has (ACL, NAT, VPN etc.) with the addition of having the Firepower services module to do IPS (and URL Filtering and Advanced Malware Protection if you desire and have the licenses).

See the order of Operations for ASA packet processing diagram below for a visual illustration: 

ASA OOO.PNG

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card