Solved: ASA 1000V is a tenant edge

Daniel Stefani · ‎06-08-2014

Hello,

My customer is migrating its Datacenter Environment, similar to the attached picture.

Today, they have a 6500 Core Switch with FWSM providing Security for Inter Vlan access.

Using N1Kv + N7K with the same Inter Vlan connectivity, what is the best option to provide Security Policies and enjoy the 20GB Uplink ?

One ASA 1000v Instance for each VLAN is a good option ? I will not have performance problems ?

Thank you in advance for help ..

Daniel Stefani

Peter Koltl · ‎06-23-2014

ASA 1000V is a tenant edge firewall. It is recommended to isolate tenants from outer world and from each other. An ASA 1000V always has only two interfaces so multiple instances result in a firewall management question.

Simple Inter-VLAN (and even intra-VLAN) filters can be implemented by VSG if protocol inspection (fixup) is not a requirement.

View solution in original post

Daniel Stefani · ‎06-10-2014

Hello,

Any Help? This is the correct place to post this doubt?

Best Regards,

Daniel Stefani

Peter Koltl · ‎06-23-2014

ASA 1000V is a tenant edge firewall. It is recommended to isolate tenants from outer world and from each other. An ASA 1000V always has only two interfaces so multiple instances result in a firewall management question.

Simple Inter-VLAN (and even intra-VLAN) filters can be implemented by VSG if protocol inspection (fixup) is not a requirement.

Help in Security Solution for N1Kv Design