Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

X-Series ASA's

Hi,

Hoping someone can give me some quick answers on the new mid-range X-series ASAs, released this month.

My understanding is that the 5585-X has been around since 2010, and that for some time now that platform has been capable of Virtualization and VPCs.

i.e

2 x 5585-X appear as a single device (similar to VSS with 65XX)

VPCs from 5585-X to switching infrastructure

Multiple virtualized firewall instances running on the one pair of 5585-X devices.

We are looking to deploy a similar architecture, but using mid-range X-series devices.  As the hardware for these devices is quite new, there is some reluctance to use it.  However, assuming the technology is much the same as the 5585-X, and the ASA software is the same as what runs on the 5585-X (and is reasonlably mature) then I would think the risk is quite low.

I'm sure Cisco says everything will go just fine! 

Thanks,

Andrew

1 ACCEPTED SOLUTION

Accepted Solutions

X-Series ASA's

Hi,

vPC is not supported ASAs. It can only be configued on high end Nexus switches.

You can however leverage the benefits of vPC by creating an etherchannel between the ASA and a pair of vPC enabled Nexus switches.

For pairs of ASAs you can have an Active/Active deployment but this is only supported in multi-context mode.

However this is a different technology to VSS. For example it does not support VPN failover.

For more information see the following link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html

It depends on your business needs as to whether you choose the 5585X. It does not support the CSC-SSM for example.

As an alternative you could deploy Scan Safe however.

I suggest that you review the specs for the device:

http://www.cisco.com/en/US/products/ps11061/index.html

Yes I agree the risk is low. The ASA platform has been around for several years now and is stable and well supported.

Don't forget to rate all posts that are helpful.

Sean

1 REPLY

X-Series ASA's

Hi,

vPC is not supported ASAs. It can only be configued on high end Nexus switches.

You can however leverage the benefits of vPC by creating an etherchannel between the ASA and a pair of vPC enabled Nexus switches.

For pairs of ASAs you can have an Active/Active deployment but this is only supported in multi-context mode.

However this is a different technology to VSS. For example it does not support VPN failover.

For more information see the following link:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html

It depends on your business needs as to whether you choose the 5585X. It does not support the CSC-SSM for example.

As an alternative you could deploy Scan Safe however.

I suggest that you review the specs for the device:

http://www.cisco.com/en/US/products/ps11061/index.html

Yes I agree the risk is low. The ASA platform has been around for several years now and is stable and well supported.

Don't forget to rate all posts that are helpful.

Sean

406
Views
0
Helpful
1
Replies
CreatePlease to create content