07-16-2018 11:48 PM - edited 02-21-2020 07:59 AM
Dear All,
We need to connect a branch office to headquarters by site to site VPN.
We got quotation from vendor for 5506-X with FirePower services with following items:
I think for site to site VPN, firepower is not necessary, but this is already the basic model.
I would like to know is it possible to disable the firepower function (or module?) and use purely ASA function?
Thanks.
Roy
Solved! Go to Solution.
07-17-2018 03:21 AM
If you do not enable the Firepower functionality on the ASA, it works like a traditional ASA software. In order to enable Firepower services, you would need to
1) install the software on the Firepower software module
2) Register it to ASDM or FMC
3) pass traffic to it using a service policy.
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498
IF you don't do #3, you should be good to use it as an ASA doing just VPN.
07-17-2018 03:21 AM
If you do not enable the Firepower functionality on the ASA, it works like a traditional ASA software. In order to enable Firepower services, you would need to
1) install the software on the Firepower software module
2) Register it to ASDM or FMC
3) pass traffic to it using a service policy.
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498
IF you don't do #3, you should be good to use it as an ASA doing just VPN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide