Is the ASA Service Module consider a Next Generation Firewall?

Similar Messages

• ASA Service Module on 6500 montoring console session

  We have 6500 with ASA Service Module
  On 6500 how can we configure so that if someone logs in to the ASA Service Module and reboots the firewall we can have logs of it in syslog of switch .
  Thanks for help

  I hate to answer my own posts, but here it is.  TAC tells us that there are 2 choices to make this work.  Apparently the way that worked on an ISR and ISRG2 does not work on the 4000 series routers.  I guess that's progress.
  Option 1. Use a physical cable to connect one of the router's interfaces to one of the etherswitches interfaces and treat it just like the etherswitch is a seperate physical switch.  I'm sure there is a use case for that but I'll not cover that here.
  Option 2. Use the "service instance" feature on the router's internal interface to bind it to a new "BDI" virtual interface on the router.  This is what we'll do.
  On our router ethernet-internal 1/0/0 maps to Gi0/18 on the etherswitch, all internal to the box.  The router will be10.0.0.1 and the switch will be 10.0.0.2.
  Router:
  interface Ethernet-Internal 1/0/0
  service instance 1 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1
  interface BDI 1
  mtu 9216
  ip address 10.0.0.1 255.255.255.0
  Switch:
  interface Gi0/18
  switchport trunk vlan allowed 50
  switchport mode trunk
  vlan 50
  name Egress vlan
  interface vlan 50
  ip address 10.0.0.2 255.255.255.0
  ip route 0.0.0.0 0.0.0.0 10.0.0.1
  Then there are a million ways to design and configure the switch as a normal 3560X switch but that's beyond the scope of my question.

• Migrating from FWSM to ASA Service Module (ASASM)

  I'm migrating from a failover pair of FWSM modules across to a failover pair of ASA Service Modules. In order to avoid a "big bang" switchover I intend to migrate subnets from one to the other over a protracted period.
  With that in mind, can anyone confirm whether there is any restriction on having FWSM and ASASM modules in the same chassis? A trawl of the relevant documentation hasn't revealed anything.
  In this specific case it is Catalyst 6509E VSS chassis pairs with Sup-2T.
  Thanks in advance.

  So long as the chassis has enough power to power these modules you are good.
  Upto 4 FWSMs can be installed in a chassis.
  Upto 4 ASA-SM modules can be installed in a chassis.
  FWSM:
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps4452/product_data_sheet0900aecd803e69c3.html
  • Up to 4 FWSMs (20 Gbps) per Catalyst 6500 chassis
  ASA-SM
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/qa_c67-662207.html
  Q. How many ASA Services Modules can I place in a Cisco Catalyst 6500 Series chassis?
  A. Up to four independent ASA Services Modules can simultaneously run in a Cisco Catalyst 6500-E Series chassis.
  -Kureli
  Checkout my breakout session at Cisco Live 2013, Orlando, Florida.
  BRKSEC-2024 Deploying Next-Generation Firewall Services on the ASA 
  Room 314A Tuesday, June 25 3:00 PM - 4:30 PM

• ASA Service module shut down and on automatically

  hello,
  i have a asa service module which is inserted on 6509 chassis.
  This morning when i came to the office i have noticed my asa service module was restarted at last night but 6509 was up.
  one more thing we dont have failover.only have single asa service module.
  ASA SM version is 8.5
  below is the failover history and details
  ciscoasa up 17 hours 11 mins
  ------------------ show crashinfo ------------------
  No crash file found.
  ------------------ show failover history ------------------
  ==========================================================================
  <--- More --->
  From State                 To State                   Reason
  ==========================================================================
  14:28:40 UTC Apr 7 2013
  Not Detected               Disabled                   No Error
  can any one tell me why this happend.
  thanks in advanced
  Khem

  Hi,
  Would seem to me that it would be best to check this through Cisco TAC to determine the cause.
  It would seem though that no Crashinfo file was generated so thats kinda strange.
  You should be able to confirm if the ASASM is set to save a crashinfo file with the command "show crashinfo save"
  - Jouni

• Does ASA Service Module on 6509-E support Remote Access VPN ?

  I'm having a problem configuring Remote Access VPN (SSL, Anyconnect ect.) on ASA Service Module on 6509-E. Is this even supported  or am i wasting my time trying to make something work which will not work in a first place :) ? Site-to-Site works without any problems.
  Tech Info:
  6509-E running SUP 2T 15.1(2)SY
  ASA Module - WS-SVC-ASA-SM1 running image - asa912-smp-k8 & asdm-712
  Licenses on ASA:
  Encryption-DES - Enabled
  Encryption-3DES-AES  -Enabled
  Thanks in Advance for support.

  Are you running multiple context mode?
  If you are, remote access VPN is not supported in that case:
  "Note Multiple context mode only applies to IKEv2 and IKEv1 site to site and does not apply to AnyConnect, clientless SSL VPN, the legacy Cisco VPN client, the Apple native VPN client, the Microsoft native VPN client, or cTCP for IKEv1 IPsec."
  Reference.

• After upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T to the latest release the ASA-SM module is not recognized

  after upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T to the latest release the ASA-SM module is not recognized it is disabled. the FPD
  is not recognized any more. reverted back to previous ios with no luck

  Duplicate post.
  Being discussed actively in this thread.

• Can I get the library from my Ipod touch next generation back to my PC?

  Can I get the library from my Ipod touch next generation back to my PC?
  My PC got a virus and I had to reinstall windows from scratch so I lost most of my music. I had a backup program that died in the middle of it so only half came back. the only place that I have all the songs is on the ipod. if I let it sinc it will loose the half that I do not have.
  Any ideas on which direction I should go?

  If your iPod is set to update automatically you need to take care connecting to an empty iTunes. You can use a keyboard command to prevent your iPod auto-syncing with iTunes. While connecting the iPod to the computer on Windows with iTunes installed hold down the Shift + Ctrl keys together. This will stop the iPod from auto-syncing with iTunes and the iPod will appear in the source list. Wait until you are sure the iPod has mounted, and that it will not auto sync and then you can let the keys go. This may take between 20 to 30 seconds depending on your computer: iTunes - Keyboard Shortcuts for Windows
  If at any point you get a message that your iPod is linked to another library and asking if you want to link to this one and replace all your songs etc, press "Cancel". Pressing "Erase and Sync" will irretrievably remove all the songs from your iPod.
  If you only want to copy your purchases to the computer that can be done using iTunes, you'll find details in this article: Copying iTunes Store purchases from your iPod or iPhone to a computer
  For everything else (including purchases) there are a number of third party utilities that you can use to retrieve the music files and playlists from your iPod Touch or iPhone. You'll find that they have varying degrees of functionality and some will transfer data (such as playcounts and ratings), movies, videos, photos, podcasts and games as well.
  A selection of iPod/iPhone to iTunes utilities:
  Senuti Mac Only (iPod Touch & iPhone compatible)
  SharePod Windows Only (iPhone and iPod Touch compatible)
  TuneJack Windows Only (iPhone and iPod Touch compatible)
  iPodRip Mac & Windows (iPhone and iPod Touch compatible)
  Music Rescue Mac & Windows (iPhone and iPod Touch compatible)
  iPod Music Liberator Mac & Windows (iPhone and iPod Touch compatible)
  iGadget Mac & Windows (iPhone and iPod Touch compatible)
  iRepo Mac & Windows (iPhone and iPod Touch compatible)
  iPod Access Mac & Windows (iPhone and iPod Touch compatible)
  TouchCopy Mac & Windows (iPhone and iPod Touch compatible)

• Next Generation Firewall?

  I'm trying to get my small retail business in compliance with PCI DSS credit card requirements, and they now require advanced security against intrusion, like Next Generation Firewall (NGFW) or Unified Threat Management (UTM). Can Apple's Time Capsule security be configured to satisfy this, or is there software available? McAfee addresses this but looks like they just do Windows. Another thread mentioned NAT (I don't know that acronym...) - will that help me?

  GoodGuy007 wrote:
  But Apple say Time Capsule does have a firewall.
  Yes you are correct. The firewall is part of the NAT router.
  https://www.apple.com/airport-time-capsule/specs/
  NAT is 'network address translation'. Start at wikipedia & then search around if you need it explained in detail…
  http://en.wikipedia.org/wiki/Network_address_translation
  In short NAT will translate the local device addresses into ones that come from or go to the internet. In effect it 'firewalls' the local clients from the internet by connecting the public internet into the local network. It's not as robust as dedicated firewall hardware.
  As LaPastenague said you need to buy a commercial grade firewall and possibly a router.
  I'd only consider a Time Capsule for a small wifi network in a buisness that was completely separate to the PCI DSS network.

• ASA Service Module with Packeer

  I have a customer about to install an ASASM in a 6800 switch. Their previous setup was an ASA 5520 connected to 4500 core switch with a Blue Coat Packet Shaper sitting between the inside interface of the ASA 5520 and 4500.
  With the ASASM backplane connected to 6800, it seems impossible to direct the inside traffic to a physical port on the switch, then through the packet shaper, and then back into switch.
  I do know that the packet shaper can monitor the traffic from the inside interface using port mirroring, but the customer would loose the ability to actually shape Internet traffic.
  I have a TAC case open, and they currently trying to figure out if this is possible. I am asking here to see if anyone has already attempted a scenario like this.
  Thanks.

  Hi Nick,
  Take a Look here.
  http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/virtual_switching_systems.html#wp1053927
  Gereinigt
  Michael
  Sent from Cisco Technical Support iPad App

• Firewall service module vs ASA

  Hi
  Someone told me that the cisco firewall service module of 6500 has poor performances compared to ASA
  What do you recommend as a core firewall (to protect internal servers): ASA or firewall service module ?
  thanks

  Hi,
  We are using 5 FWSMs at the moment but are moving away from them to ASA5585-X models.
  I wouldnt suggest going to FWSMs anymore at this point if you have any plan on having support for new features.
  End Of Life and End of Sale Notice
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/eol_c51-699134.html
  The follower for the FWSM is the ASA Service Module which supports the newer softwares (while the FWSM doesnt). Heres a link to a document about the ASASM
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/data_sheet_c78-672507.html
  Also you could always consider a separate ASA models. Here are links to both the orignal ASA 5500 series and new ASA 5500-X series
  ASA 5500 Series
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
  ASA 5500-X Series
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
  I guess the question for you is what are the requirements for the device regarding performance. All of the above documentation should give you a clue about which model might be the best for you.
  - Jouni

• XML Publisher with Service Module - Service Request Reports -- URGENT

  Hi all ... any pointers/help/guidance with the problem listed below would be much appreciated.
  I'm working in the context of the Oracle Service Module & Service Request Reports.
  I'm required to configure the XML Publisher Responsibility seeded functionality with the service module reports.
  Listed below are the two reporting requirements that I'm considering , corresponding to the following seeded XMLP Responsibility seeded components:
  (I'm quoting an extract from the Oracle TeleService Implementation & User Guide here).
  Detailed Report
  Data Definition: Service Request Detail Definition (CS_SR_DETAIL_DEF)
  Corresponding Template: Service Request Detail Report Template (CS_SR_DETAIL_TMP.en)
  Template Description: Includes all of the available service request attributes including charges, the two descriptive flexfields, and extensible attributes.
  Summary Report
  Data Definition: Service Request Summary Definition (CS_SR_SUMMARY_DEF)
  Corresponding Template: Service Request Summary Report Template (CS_SR_SUMMARY_TMP_en)
  Template Description: Includes a subset of the detailed report attributes including the same charges information as the detailed report.
  When I log into the EBS >> XML Publisher Administrator Responsibility >> Service Application ... I find these seeded XMLP components, together with the preview data, downloadable templates & sample output.
  The question is:
  Where (responsibility/application/navigation/etc.) do I find the seeded EBS Service Reports to provide the expected XML input to the seeded XMLP Service Request Data Definitions & Templates????
  Notes ...
  I have found the following two reports, under the Service Application in EBS, set their output type to XML and viewed the output of the submitted request:
  - Service Request Detail Report
  - Service Request Summary Report
  ... but each of these two reports produce XML output of a different data model/structure to that expected by each of the corresponding seeded XMLP data-definitions/templates.
  Additionally, I cannot find any corresponding concurrent program definitions on the system with the same SHORT-NAME/CODE as the seeded XMLP data definitions themselves i.e. CS_SR_DETAIL_DEF and CS_SR_SUMMARY_DEF.
  Are the necessary reports not actually seeded within EBS? Do the seeded XMLP data definitions & templates require development of new Concurrent Programs from scratch to access the database tables and provide the necessary data/input, or am I missing something here??

  I am sure you found a solution to your problem. If not, to give a pointer to this issue, I guess these reports are gererated right from the service request screen and this definition is used there.This report can be generated from several places based on where you are within SR scree.
  Thanks
  Nagamohan

• IPod Service Module has encountered a problem...

  Upgraded to XP Service Pack 3 and found that my iPod no longer shows up in iTunes and thus won't sync, however it is recoginzed by my computer. Have tried multiple fixes including uninstalling service pack 3 as well as uninstalling and reinstalling iTunes several times. Every time I connect my iPod or try to manually start the iPod Service Module (per instructions on a support page) I get an error message that it's encountered a problem and has to shut down. I've also removed all iPod entries in add/remove programs (i.e. updaters and iPod for Windows entries). Not sure where to go to next. I'm back to running XP service pack 2, but the problem continues. Any advice is appreciated.

  Just to let you know...you're not alone. I have the same problem with no solution. I've surfed the Net for answers and have only found that it is not a new problem. I hope that someone out there can suggest a solution.

• Ipod service module has encountered a problem and needs to close

  I have recently got a 80gb ipod video, but have been unable to use it, because no matter what I do I can't get it to appear in the source pane on itunes. Everytime I connect it to my PC I get a window up which says the "Ipod service module has encountered a problem and needs to close, sorry for the inconvenience etc"
  I have followed ALL the instructions, including uninstalling itunes and quicktime (which I have done at least 7 times), reinstalling them with different settings on my computer. I have reinstalled a stand alone version of quicktime. I have tried restarting the ipod service, I have deleted all files from recycle bin and from Temp files. I have spoken to ipod at great length (3 different people, totalling approx 2hrs 30mins on the phone) and to a guy at Comet where I bought it from (20 mins on phone). Basically I have done everything I and anyone else can think of, but I still get the same message.
  DOES ANYONE HAVE ANY OTHER SUGGESTIONS....PLEASE HELP I AM AT MY WITS END !!!
  packard bell   Windows XP  
  packard bell   Windows XP  

  I get a window up which says the "Ipod service module has encountered a problem and needs to close, sorry for the inconvenience etc"
  hmmmm. i don't have a solution to offer you at this stage. by we can try some general troubleshooting strategies to see if that can isolate the cause of the problem.
  if you're game, we could start proceedings by trying a connection after a selective startup with just the itunes and quicktime background processes enabled. see:
  Using MSCONFIG to troubleshoot conflicts in Windows
  do you still get the crash after the selective startup?

• Ipod service module

  How can I repair the ipod service module?? Everytime I connect the ipod a message pops up stating that the ipod service module has encoutered a problem and needs to close. What can I do about this problem??? HELP???

  Hey kathyds1,
  OK, time to reinstall. But, to do so, follow this article to completely remove iTunes and Quicktime before installing again.
  http://docs.info.apple.com/article.html?artnum=93698
  (Note: This does not affect your music as it is stored, by default, in My Music)
  Hope this helps,
  Generik
  PowerMac G4/Dell Precision WS 370, XP Pro   Mac OS X (10.4.7)  

• Service Module is failed

  when i show service-module ids-sensor 1/0 status
  i have the following output
  Service Module is Cisco IDS-Sensor1/0
  Service Module supports session via TTY
  Service Module is failed
  Service Module status is not available
  what is the problem and how can i recover it?
  note i make restart for the service module by the command
  service-module ids-snsor 1/0 reset
  but it remain failed
  please help me as soon as possible

  You've powered off and re-seated the card and this was working at one point?  Beyond that, if there is no output from the CUE console (while connected to the module via "service-module service-engine 0/1 session"), then the module is likely defective.