Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

TAC Security Podcast Episode #23 - The Cisco ASA Services Module

Episode Information

 

Episode Name: Episode 23 - The Cisco ASA Services Module

Contributors:  David White Jr., Blayne Dreier, Jay Johnston, Magnus Mortensen

Posting Date: October  31, 2011

Description: This episode features discussion about the new Cisco ASA Services Module (ASASM). Topics discussed include the hardware architecture differences between the ASASM and the Firewall Services Module (FWSM), new features introduced with the ASASM, and FWSM to ASASM migration tools and strategies.

 

Listen Now    (MP3 22 MB; 31:22 mins)

 

Subscribe to the Podcast in iTunes by clicking the image below:

button_itunes.gifrss.gif

 

About the Cisco TAC Security Podcast

 

The  Cisco TAC Security Podcast Series is created by Cisco TAC engineers.  Each episode provides an in-depth technical discussion of Cisco product  security features, with emphasis on troubleshooting.

 

Complete episode listing and show information

 

 

Show Notes

 

ASA SM Block Diagram

 

The following image shows a high level block diagram of the ASA Service Module.

 

ASASM_Block_Diagram.png

 

Performance Information

The following performance statistics come from the ASA SM Product Page on cisco.com:

 

Maximum firewall throughput           20 Gbps

Multiprotocol firewall throughput     16 Gbps

Concurrent connections             10,000,000

Connections per second                300,000

Security contexts                         250

VLANs                                    1000

 

 

Features Supported on the FWSM, but NOT on the ASA SM

 

  • BGP Stub Routing
  • Failover Preemption for Active/Standby Failover
  • Route Health Injection
  • DHCP Relay Interface Specific Servers
  • Stateful Failover Uauth Table Replication

 

Migrating from FWSM to ASA SM

Guide: Migrating to the Cisco ASA Services Module from the FWSM

http://www.cisco.com/en/US/docs/security/asa/migration/fwsm/fwsm2asasm.html

 

Importent note from the link:

 

 You must copy the migrated configuration file to the startup configuration
 of the ASA SM. When the ASA SM is subsequently restarted, the startup configuration
 is parsed upon startup. The ASA SM image takes the NAT, ACL, and other commands
 that have been deprecated or changed from the FWSM and translates the commands
 into the commands that the ASA SM accepts.

 

 

Useful Documents

The Cisco Catalyst 6500 Series ASA Services Module FAQ:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/qa_c67-662207.html

 

Release Notes for the Cisco Catalyst 6500 Series ASA Services Module, 8.5(x)

http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn85.html

Comments
New Member

Great show! Thank you.

Now all we need is the ASA-SMs to support VPNs and dynamic routing in A/A.

New Member

In the show it is reccomended to use SXJ2, do you mean SXJ1? SXJ2 is currently not publicly available.

Thank you.

Cisco Employee

The SXJ2 is now available for download.

3121
Views
0
Helpful
3
Comments