Cisco Cisco ASA 5580 Adaptive Security Appliance Installation Guide
2
1
About the ASA Integration with the APIC
The Cisco Application Policy Infrastructure Controller (APIC) automates insertion of services (such as an
ASA firewall) northbound between applications, also called End Point Groups (EPGs)
ASA firewall) northbound between applications, also called End Point Groups (EPGs)
.
The APIC uses
northbound APIs for configuring the network and services. You use these APIs to create, delete, and
modify a configuration using managed objects.
modify a configuration using managed objects.
When configuration is controlled through the APIC, you cannot change the configuration through the
ASA CLI. This means that the CLIs for any feature that you configure through the APIC are disabled on
the ASA. However, you may use the CLI to configure management access to the ASA. Operational and
status commands, such as troubleshooting commands and show commands, are also available through
the CLI.
ASA CLI. This means that the CLIs for any feature that you configure through the APIC are disabled on
the ASA. However, you may use the CLI to configure management access to the ASA. Operational and
status commands, such as troubleshooting commands and show commands, are also available through
the CLI.
Note
With APIC integration, you can only use ASDM for monitoring purposes. You cannot change
the configuration using ASDM.
the configuration using ASDM.
For information about how to use ASDM for monitoring, see the Cisco ASA Series General Operations
ASDM Configuration Guide for the specified feature and release that you are using.
ASDM Configuration Guide for the specified feature and release that you are using.
Service Function Insertion
When a service function is inserted in the service graph between applications, traffic from these
applications is classified by the APIC and identified using a tag in the overlay network. Service functions
use the tag to apply policies to the traffic. For the ASA integration with the APIC, the service function
forwards traffic using either routed or transparent firewall operation.
applications is classified by the APIC and identified using a tag in the overlay network. Service functions
use the tag to apply policies to the traffic. For the ASA integration with the APIC, the service function
forwards traffic using either routed or transparent firewall operation.
For information about the APIC, see the “Cisco Application Centric Infrastructure” chapter of the ACI
Fundamentals guide.
Fundamentals guide.
For information about service graphs, see the “Configuring a Service Graph” chapter of the Cisco APIC
Layer 4 to Layer 7 Services Deployment Guide.
Layer 4 to Layer 7 Services Deployment Guide.
For information about the insertion of Layer 4 to Layer 7 services, see the “Overview” chapter of the
Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.
Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.