Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5525-x with CX and IPS

Hi all,

I have read in Q and A that CX version 9.2 will support IPS on ASA. My question is, if a client wants CX and IPS in one box, at common workspace, which product shall i choose ? IPS bundle or CX bundle ? currently v9.2 is not listed there but still which product shall i use ?

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

ASA 5525-x with CX and IPS

It's hard to suggest something that's not yet available. But I would buy the CX-bundle because there the needed hardware (the SSD) is included while in the IPS-bundle it's only a license. Assuming that this will not change it's likely that IPS can then later just be enabled by license. on the CX-bundle.

Another question is the available hardware. The IPS uses dedicated cores of the multi-core architecture. This processing-power is not available for CX in this case. So perhaps you need to buy a bigger box to handle the load of both CX and IPS. But we only know when it's officially anounced.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

ASA 5525-x with CX and IPS

really I don't understand the suggestion, because with CX bundle I cant use the IPS of the normal asa 5500-X, and now I cant buy the IPS service into the CX bundle neither, so what we can do?

9 REPLIES
VIP Purple

ASA 5525-x with CX and IPS

It's hard to suggest something that's not yet available. But I would buy the CX-bundle because there the needed hardware (the SSD) is included while in the IPS-bundle it's only a license. Assuming that this will not change it's likely that IPS can then later just be enabled by license. on the CX-bundle.

Another question is the available hardware. The IPS uses dedicated cores of the multi-core architecture. This processing-power is not available for CX in this case. So perhaps you need to buy a bigger box to handle the load of both CX and IPS. But we only know when it's officially anounced.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

ASA 5525-x with CX and IPS

Version 9.2 is released on oct 14 but i dont understand why its not listed in CCW ?

VIP Purple

Re: ASA 5525-x with CX and IPS

Do you have any public statement for the release? It's not available on the download-area and there are also no release-notes.

EDIT: Oh, I typed the wrong link and didn't realize that I was on the general ASA page ... But still, I have no answer. Probably Cisco will add a new bundle sometime in the future?

LATER: The following statement seems like it's just an add-on license:

Next Generation IPS filtering is a separately-licensed service; the device includes an evaluation license.

So perhaps there won't be any new bundles ...

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

ASA 5525-x with CX and IPS

New Member

ASA 5525-x with CX and IPS

really I don't understand the suggestion, because with CX bundle I cant use the IPS of the normal asa 5500-X, and now I cant buy the IPS service into the CX bundle neither, so what we can do?

Hall of Fame Super Silver

ASA 5525-x with CX and IPS

The 5500-X Series Next-Generation Firewall product data sheets have been updated to show the ordering options now including the NGFW IPS. Please refer to Table 4 here. The product SKUs haven't been released for orderability just yet but should be on CCW later this month.

So you will soon be able to buy the IPS service (and use them on the CX module with or without the AVC and WSE features). It is a bit different from the old school Cisco IPS module - reflecting the new architecture and design of the product (i.e., managed by PRSM - either on-box or off-box).

New Member

ASA 5525-x with CX and IPS

thanks Marvin,

and what is the big difference between the Cisco IPS module and the Cisco IPS service? in a design environment which would we decide to use and why?

thanks in advance

Carolina Morales

Hall of Fame Super Silver

ASA 5525-x with CX and IPS

You're welcome. I've only seen a few high level slides so far. Official release of the information has not yet been done.

A general description would be that NGFW IPS is better integrated with the overall access policy as expressed in the policies defined in PRSM. As such, it is able to leverage the application awareness (AVC) and source reputation (WSE) data and is enhanced by the more frequent (near real time) updates from Cisco's SIO cloud.

Sorry that's kind of marketing-speak but that's all that available at the moment.

New Member

Marvin, we just bought

Marvin, we just bought this

ASA5512-SSD120-K9

L-ASA5512-IP1Y=

We originally intented to buy the classic IPS for our customer, but our vendor indicated that the CX module with the IPS service was essentially the new replacement for classic IPS module.  However, after a nightmarish support call with licensing and TAC and finally finding someone who understood that there are 2 IPSs now, the person I spoke with gave me the impression that the IPS service with the CX module is not as robust as the classic IPS module, or maybe wasn't quite as feature rich?

 

Does anyone understand the difference between these two IPSs in terms of their features, etc?  My customer only wants an IPS, so which one would you choose if you don't need the other CX module features?  The easier to manage the better, but their focus is security and blocking and/or alerting on potential threats, etc.

 

763
Views
10
Helpful
9
Replies