Showing results for 
Search instead for 
Did you mean: 

TAC Security Podcast Episode #23 - The Cisco ASA Services Module


Episode Information


Episode Name: Episode 23 - The Cisco ASA Services Module

Contributors:  David White Jr., Blayne Dreier, Jay Johnston, Magnus Mortensen

Posting Date: October  31, 2011

Description: This episode features discussion about the new Cisco ASA Services Module (ASASM). Topics discussed include the hardware architecture differences between the ASASM and the Firewall Services Module (FWSM), new features introduced with the ASASM, and FWSM to ASASM migration tools and strategies.


Listen Now    (MP3 22 MB; 31:22 mins)


Subscribe to the Podcast in iTunes by clicking the image below:



About the Cisco TAC Security Podcast


The  Cisco TAC Security Podcast Series is created by Cisco TAC engineers.  Each episode provides an in-depth technical discussion of Cisco product  security features, with emphasis on troubleshooting.


Complete episode listing and show information



Show Notes


ASA SM Block Diagram


The following image shows a high level block diagram of the ASA Service Module.




Performance Information

The following performance statistics come from the ASA SM Product Page on


Maximum firewall throughput           20 Gbps

Multiprotocol firewall throughput     16 Gbps

Concurrent connections             10,000,000

Connections per second                300,000

Security contexts                         250

VLANs                                    1000



Features Supported on the FWSM, but NOT on the ASA SM


  • BGP Stub Routing
  • Failover Preemption for Active/Standby Failover
  • Route Health Injection
  • DHCP Relay Interface Specific Servers
  • Stateful Failover Uauth Table Replication


Migrating from FWSM to ASA SM

Guide: Migrating to the Cisco ASA Services Module from the FWSM


Importent note from the link:


 You must copy the migrated configuration file to the startup configuration
 of the ASA SM. When the ASA SM is subsequently restarted, the startup configuration
 is parsed upon startup. The ASA SM image takes the NAT, ACL, and other commands
 that have been deprecated or changed from the FWSM and translates the commands
 into the commands that the ASA SM accepts.



Useful Documents

The Cisco Catalyst 6500 Series ASA Services Module FAQ:


Release Notes for the Cisco Catalyst 6500 Series ASA Services Module, 8.5(x)


Great show! Thank you.

Now all we need is the ASA-SMs to support VPNs and dynamic routing in A/A.


In the show it is reccomended to use SXJ2, do you mean SXJ1? SXJ2 is currently not publicly available.

Thank you.

Jay Johnston
Cisco Employee

The SXJ2 is now available for download.

Content for Community-Ad