Cisco Cisco ASA 5585-X Adaptive Security Appliance 정보 가이드
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 25
Q. Where can I find guidelines on migrating from the Cisco Catalyst® 6500 Series Firewall Services Module
(FWSM) to ASA 5585-X appliances?
A. This migration requires a redesign of the network infrastructure. The typical approach is to use the FWSM-to-
ASASM migration tool to first sanitize the configuration. Please see the information at:
After that, you can manually replace the VLAN names with physical interfaces and run the configuration
through the cloud migration tool for ASA, which can be found at:
You can even skip the first step and use the cloud migration tool directly, but make sure that the source
interface names are aligned to match those of an ASA-5550 appliance. Then you have to edit the converted
configuration to match that of an ASA 5585-X.
Cisco ASAv Software
Q. What is the Cisco ASAv?
A. The Cisco Adaptive Security Virtual Appliance (ASAv) is a completely reimagined virtual security solution that
and a
traditional tiered deployment. The ASAv supports consistent, transparent security across physical, virtual,
application-centric, and cloud environments.
Q. Does ASAv support full feature parity with physical ASA?
A. Yes, ASAv is in full sync with physical appliance features, with the exception of multiple contexts, clustering,
and EtherChannel.
Q. Does ASAv support Cisco TrustSec
®
technology: specifically, security group access control lists?
A. Yes, ASAv supports Cisco TrustSec technology and SG-ACLs. The policy rule is integrated into ASA policy
and its stateful firewalling.
Q. Considering an ASAv with 1- Gbps, 1-vCPU license, what happens if the traffic passes 1 Gbps?
A. With the Controlled Introduction (9.2.1) ASAv release, 1 Gbps is the maximum performance that a customer
can expect from one vCPU. The ASAv software does not do anything special to drop traffic that exceeds the
threshold. If the vCPU is running close to close to capacity, incremental traffic will see a drop in speed.
In future software releases a "shaper" in the software will limit traffic to the throughput specification of the
product that was purchased. Also keep in mind the underlying virtual switch capacity.
Q. What hypervisors does ASAv support?
A. Following is the list of hypervisors and tentative timelines for support:
VMware: ASAv is currently supported only on VMware as of ASA 9.2(1) software. Note that ASAv is
independent of the virtual switch and does not require Cisco Nexus 1000V.
KVM: ASAv on KVM will be supported soon.
Microsoft Hyper-V and Citrix Xen: Support for on Hyper-V and Xen is being planned.
Q. What are the system requirements to run ASAv?
A. For a controlled introduction, ASAv requires VMware ESXi 5.x. See the VMware documentation