Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

TAC Security Podcast Episode #23 - The Cisco ASA Services Module

Labels:
3968
Views
0
Helpful
3
Comments
Jay Johnston
Cisco Employee
‎10-19-2011 11:32 AM
edited on: ‎03-08-2019 ‎06:43 PM

Episode Information

 

Episode Name: Episode 23 - The Cisco ASA Services Module

Contributors:  David White Jr., Blayne Dreier, Jay Johnston, Magnus Mortensen

Posting Date: October  31, 2011

Description: This episode features discussion about the new Cisco ASA Services Module (ASASM). Topics discussed include the hardware architecture differences between the ASASM and the Firewall Services Module (FWSM), new features introduced with the ASASM, and FWSM to ASASM migration tools and strategies.

 

Listen Now    (MP3 22 MB; 31:22 mins)

 

Subscribe to the Podcast in iTunes by clicking the image below:

button_itunes.gifrss.gif

 

About the Cisco TAC Security Podcast

 

The  Cisco TAC Security Podcast Series is created by Cisco TAC engineers.  Each episode provides an in-depth technical discussion of Cisco product  security features, with emphasis on troubleshooting.

 

Complete episode listing and show information

 

 

Show Notes

 

ASA SM Block Diagram

 

The following image shows a high level block diagram of the ASA Service Module.

 

ASASM_Block_Diagram.png

 

Performance Information

The following performance statistics come from the ASA SM Product Page on cisco.com:

 

Maximum firewall throughput           20 Gbps

Multiprotocol firewall throughput     16 Gbps

Concurrent connections             10,000,000

Connections per second                300,000

Security contexts                         250

VLANs                                    1000

 

 

Features Supported on the FWSM, but NOT on the ASA SM

 

  • BGP Stub Routing
  • Failover Preemption for Active/Standby Failover
  • Route Health Injection
  • DHCP Relay Interface Specific Servers
  • Stateful Failover Uauth Table Replication

 

Migrating from FWSM to ASA SM

Guide: Migrating to the Cisco ASA Services Module from the FWSM

http://www.cisco.com/en/US/docs/security/asa/migration/fwsm/fwsm2asasm.html

 

Importent note from the link:

 

 You must copy the migrated configuration file to the startup configuration
 of the ASA SM. When the ASA SM is subsequently restarted, the startup configuration
 is parsed upon startup. The ASA SM image takes the NAT, ACL, and other commands
 that have been deprecated or changed from the FWSM and translates the commands
 into the commands that the ASA SM accepts.

 

 

Useful Documents

The Cisco Catalyst 6500 Series ASA Services Module FAQ:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/qa_c67-662207.html

 

Release Notes for the Cisco Catalyst 6500 Series ASA Services Module, 8.5(x)

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn85.html

0 Helpful
Comments
golly_wog
Beginner
Beginner
‎10-31-2011 12:58 PM
‎10-31-2011 12:58 PM

Great show! Thank you.

Now all we need is the ASA-SMs to support VPNs and dynamic routing in A/A.

golly_wog
Beginner
Beginner
‎11-19-2011 06:40 AM
‎11-19-2011 06:40 AM

In the show it is reccomended to use SXJ2, do you mean SXJ1? SXJ2 is currently not publicly available.

Thank you.

Jay Johnston
Cisco Employee
Cisco Employee
‎01-04-2012 09:36 AM
‎01-04-2012 09:36 AM

The SXJ2 is now available for download.

Latest Contents
FTD2110 6.4.0.11High CPU due to Qualys scan from internet
Created by Marius Gunnerud on 04-21-2021 03:08 AM
0
0
0
0
I have a client that runs a Qualys scan on their public IPs once a month.  This scan causes the CPU load on all the cores on the FTD to spike to 100% causing all network traffic through the firewall to stop until the scan is complete.  I am assu... view more
Migrating a Standalone ASA to Firepower using Firepower Migr...
Created by rosarra on 04-21-2021 12:49 AM
1
0
1
0
a simple question: to migrate an ASA firewall to a Firepower 1120 Threat Defense can I use the automated tool provided by Cisco? I understand that it only works with a Firepower Management Center while our solution is a local managed and we do not intend ... view more
PAK License for N9K-C93180YC-FX
Created by terryt on 04-20-2021 11:12 PM
2
0
2
0
Hi, Apology for my queries, just want to confirm. We have 2 units of N9K swtich and we were only given 1 PAK number. When we tried to register this PAK number to the 1st unit we got the information below:Can we still use the same PAK number for the 2... view more
PLR Support for Stealthwatch
Created by navidn on 04-20-2021 09:41 PM
0
0
0
0
Hi,As I heard, a certain version of Cisco Stealthwatch supports PLR licensing, does anyone know about the version and how should I enable it on my service? Thanks in advance 
DMVPN using EIGRP in HSRP cisco router (ASR).
Created by nishakhanal on 04-20-2021 05:56 PM
4
5
4
5
Hello,Currently, we are using DMVPN with OSPF but we need to change it into EIGRP. What changes are necessary for it??
Content for Community-Ad