Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Help in Security Solution for N1Kv Design

Hello,

 

My customer is migrating its Datacenter Environment, similar to the attached picture.

Today, they have a 6500 Core Switch with FWSM providing Security for Inter Vlan access.

Using N1Kv + N7K with the same Inter Vlan connectivity, what is the best option to provide Security Policies and enjoy the 20GB Uplink ?

One ASA 1000v Instance for each VLAN is a good option ? I will not have performance problems ?

 

Thank you in advance for help ..

 

Daniel Stefani

 

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

ASA 1000V is a tenant edge

ASA 1000V is a tenant edge firewall. It is recommended to isolate tenants from outer world and from each other. An ASA 1000V always has only two interfaces so multiple instances result in a firewall management question.

Simple Inter-VLAN (and even intra-VLAN) filters can be implemented by VSG if protocol inspection (fixup) is not a requirement.

2 REPLIES
New Member

Hello, Any Help? This is the

Hello,

 

Any Help? This is the correct place to post this doubt?

 

 

Best Regards,

Daniel Stefani

Silver

ASA 1000V is a tenant edge

ASA 1000V is a tenant edge firewall. It is recommended to isolate tenants from outer world and from each other. An ASA 1000V always has only two interfaces so multiple instances result in a firewall management question.

Simple Inter-VLAN (and even intra-VLAN) filters can be implemented by VSG if protocol inspection (fixup) is not a requirement.

44
Views
0
Helpful
2
Replies