How to Deploy the ASA 5508-X or ASA 5516-X in Your Network?

We talked about the new models of Cisco ASA with FirePOWER services: the ASA 5508-X and 5516-X.

The new ASA 5508-X and 5516-X provide midsize companies, branch offices and industrial environments with the same advanced malware protection and threat detection capabilities deployed by large enterprise organizations. (5508-X and 5516-X–1RU threat centric NGFW for branch offices and midsize businesses)

Yes, with the cool ASA 5508-X or 5516-X, you can set a better network. So how to deploy the ASA 5508-X or ASA 5516-X in your network? We will tell you in this article.

Firstly, let’s have a look at the package contents of the chassis.

Note: The contents are subject to change, and your exact contents might contain additional or fewer items.

ASA 5508-X or ASA 5516-X-Package

How to deploy the ASA 5508-X or ASA 5516-X in Your Network? You can read the following figure shows the recommended network deployment for the ASA 5508-X or ASA 5516-X with the ASA FirePOWER module:

network deployment for the ASA 5508-X or ASA 5516-X with the ASA FirePOWER module

Note: You must use a separate inside switch in your deployment.

The default configuration enables the above network deployment with the following behavior.

inside–> outside traffic flow

outside IP address from DHCP

DHCP for clients on inside

Management 1/1 belongs to the ASA Firepower module. The interface is Up, but otherwise unconfigured on the ASA. The ASA Firepower module can then use this interface to access the ASA inside network and use the inside interface as the gateway to the Internet.

NoteDo not configure an IP address for this interface in the ASA configuration. Only configure an IP address in the Firepower configuration. You should consider this interface as completely separate from the ASA in terms of routing.

ASDM access on the inside interface

Note: If you want to deploy a separate router on the inside network, then you can route between management and inside. In this case, you can manage both the ASA and ASA FirePOWER module on Management 1/1 with the appropriate configuration changes.

 

Procedure to Deploy the ASA 5508-X or ASA 5516-X

Procedure

1. Cable the following to a Layer 2 Ethernet switch:

  • –GigabitEthernet 1/2 interface (inside)
  • –Management 1/1 interface (for the ASA Firepower module)
  • –Your computer

Note: You can connect inside and management on the same network because the management interface acts like a separate device that belongs only to the ASA Firepower module.

2. Connect the GigabitEthernet 1/1 (outside) interface to your WAN device, for example, your cable modem.

Note: If the cable modem supplies an outside IP address that is on 192.168.1.0/24, then you must change the ASA configuration to use a different IP address.

More related information about the Cisco ASA 5508-X and ASA 5516-X such as Power on the ASA, Launch ASDM, and Configure the ASA FirePOWER Module, etc. you can read the full document

 

More Related

Cisco ASA 5500-X Series’ New Features & Main Model Comparison

What are the Considerations While Buying a Cisco Next-Generation Firewall?

NGFW-Cisco ASA with FirePOWER Services

ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, Cisco ASA with FirePOWER Services, What’s New Here?

The New Cisco ASA 5506-X, More Comparisons

How to Start a Cisco ASA 5506-X?

How to Start a Cisco ASA 5585-X Series

Cisco ASA 5506-X with Version 9.4.1–Policy Based Routing

Share This Post

Post Comment