ASA IOS and FirePower Management Center

_Ratha_ (Level 1)

Dear All,

ASA IOS and FirePower Management Center.

If I want to block or allow some traffic (e.g. ICMP), where should I configure it: an ACL or a FirePOWER policy?

Where should I configure VPN: ASA IOS or FirePOWER Management Center?

What are the differences between an ACL on IOS and FirePOWER Management Center?

Thanks

Ratha

Accepted Solution

Marvin Rhoads (Hall of Fame)

Please note an ASA generally runs ASA software. It never runs IOS. IOS is used on routers and switches.

When running an ASA with FirePOWER services module, general traffic ACLs should be done on the ASA itself. We configure and apply access control policies in FirePOWER when we want to differentiate between traffic that has already been given a first pass check by the parent ASA and provisionally allowed through the device (subject to further inspection by the FirePOWER module).

There is a unified image available called FirePOWER Threat Defense or FTD. With FTD, the ACLs are all configured within the FTD user interface - either locally (with FirePOWER Device Manager) or on the remote manager which is known as FirePOWER Management Center or FMC.

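As an added illustration (not part of the accepted answer), this is what the split described above looks like on an ASA with the FirePOWER (SFR) services module: the interface ACL on the ASA is the first-pass check, and only traffic the ASA permits is redirected to the module, where the FirePOWER access control policy managed from FMC applies. The interface names, the host address and the decision to deny ICMP are assumptions chosen to match the question.

```cisco
! Added example, not from the original post. Interface names, the host
! 192.0.2.10 and the "deny ICMP" decision are placeholders for illustration.

! 1. ASA interface ACL: first-pass check. Anything denied here is dropped by
!    the ASA and never reaches the FirePOWER module, so a FirePOWER "allow"
!    rule for ICMP would have no effect on this traffic.
access-list OUTSIDE_IN extended deny icmp any any
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! 2. Redirect everything the ASA provisionally allowed to the SFR module.
!    The FirePOWER access control policy only ever sees this traffic.
!    "fail-open" passes traffic uninspected if the module is down;
!    use "sfr fail-close" if dropping is preferable to bypassing inspection.
access-list SFR_REDIRECT extended permit ip any any
class-map SFR_CLASS
 match access-list SFR_REDIRECT
policy-map global_policy
 class SFR_CLASS
  sfr fail-open
service-policy global_policy global

! 3. ICMP aimed at the ASA's own interface is not governed by the interface
!    ACL at all; it is controlled separately with the icmp command.
icmp deny any outside
```

Two checks worth making after applying this: `show service-policy sfr` confirms that packets are actually being redirected to the module, and `show access-list OUTSIDE_IN` shows hit counts on the ICMP deny entry. One caveat: unless `inspect icmp` is enabled in the global policy, ICMP is not tracked statefully, so the same deny entry will also drop echo replies to pings originated from the inside.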

4 Replies

Thank you so much for replying.

Could you explain VPN to me as well? ASA software also has VPN, and I found that FirePOWER Management Center has a VPN feature. How can I use the VPN feature on FirePOWER?

There was an old site-site VPN capability with the classic FirePOWER appliances (3D 7000 and 8000 series). I've never seen anybody use it though I have heard some old Sourcefire customers did so.

FMC can configure site-site VPN for that as well as for managed FTD appliances. As of version 6.2.1 it also supports remote access VPN (AnyConnect-based via SSL or IPsec IKEv2). However that is only for FirePOWER 2100 series with FTD. We expect 6.2.2 to add the same support for all FTD platforms in the near future.

Other than those, you set up and configure ASA-based VPNs (IPsec site-site or IPsec / SSL remote access) the same way you always have - from ASDM or the CLI.

Dear Marvin Rhoads,

I really appreciate your response.

Thanks
