
Cisco ASA to CX upgrade

mwissa_2
Level 1

Hello,

I have a couple of questions. I am upgrading from ASA to ASA CX. This is an existing firewall with configurations, policies, NAT rules, etc.

1. When you upgrade to CX, does the firewall keep the configuration: IP address of interfaces, security levels, ACLs, access-groups, NATs, AnyConnect, etc.?

2. If you don't have the PRSM, can you manage that firewall from the PRSM web interface by HTTPS to the IP address?

3. Can you still manage the firewall from CLI and ASDM, or can you not do that after you upgrade to CX?

Thanks in advance.

3 Replies

Marvin Rhoads
Hall of Fame

1. Yes, the base ASA configuration is unchanged.

2. On-box PRSM (aka single device mode) manages the Next Generation Firewall (NGFW - AVC, WSE and IPS) features depending on which are licensed. You do access it via the PRSM web UI (very limited setup steps are done via sessioning into the module from the ASA CLI) and you physically use the ASA management interface. (Although the PRSM interface has its own distinct IP address whether or not you have the interface configured / used in the base ASA.)

3. Yes. Think of CX like the older CSC-SSM modules running IPS or Trend Micro AV services. With CX you similarly redirect traffic from the ASA processing path using a service-policy and the CX runs it through its logic (policies, inspections, etc.) and then hands it back to the base ASA for the remaining steps of the packet flow.

Depending on how your ASA was originally purchased, you may need to purchase the SSD hardware (required for CX) in addition to the licensing you need for the NGFW features.
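The service-policy redirect described in the reply above, as an added example that is not part of the original thread. The ACL and class-map names (`CX_REDIRECT`, `CX_CLASS`) are hypothetical; the example assumes the default `global_policy` is already applied globally and that all IP traffic should be sent to the module.

```cisco
! Added example. Names CX_REDIRECT and CX_CLASS are hypothetical.
! Select the traffic that should be handed to the CX module.
access-list CX_REDIRECT extended permit ip any any

class-map CX_CLASS
 match access-list CX_REDIRECT

! Add the redirect to the existing global policy. The base ASA
! configuration (interfaces, ACLs, NAT, VPN) is not modified.
policy-map global_policy
 class CX_CLASS
  ! fail-open : if the module is unavailable, traffic passes without
  !             CX inspection (favours availability).
  ! fail-close: if the module is unavailable, matching traffic is
  !             dropped (favours enforcement). Use one or the other:
  !  cxsc fail-close
  cxsc fail-open

! Present by default on most configurations; shown for completeness.
service-policy global_policy global

! Verify that packets are being redirected to the module:
!   show service-policy cxsc
```

The choice between `fail-open` and `fail-close` decides whether a module outage leaves traffic uninspected or blocked, so set it deliberately before moving an existing production firewall to CX.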

Thanks a bunch. The documentation is very poor. Cisco needs to do a better job in documenting a new product, especially if they want to beat the competition (Palo Alto).

You're welcome.

You may want to take a look at CiscoLive365 sessions BRKSEC-1024 (high level comparison of IOS and ASA NGFW) and BRKSEC-2024 (deeper dive into ASA NGFW).

Please rate and mark your question as answered when it has been.
