在思科的Catalyst 6500 系列交换机和Catalyst 7500系列的交换机可以添加ASA Service Model, ASA Service Model 基于Cisco ASA 平台,只需要将ASA Service Model 模块插入 6500/7500 系列的路由器的空插槽中,ASA Servie Model就可以为交换机提供完整的防火墙功能,无需额外的机架空间、布线、电源和物理接口。它还可以和既像中的其他模块进行协同工作,使每个端口成为安全端口。通过使用数据中心现有基础架构来提供网络安全服务。
Table 1. Features
| Feature | Description |
|---|---|
| Performance | |
| Maximum firewall throughput | 20 Gbps |
| Multiprotocol firewall throughput | 16 Gbps |
| Concurrent connections | 10,000,000 |
| Connections per second | 300,000 |
| Maximum 3DES/AES VPN throughput | 2 Gbps |
| Maximum site-to-site and IPsec IKEv1 client VPN user sessions | 10,000 |
| Maximum AnyConnect or clientless VPN user sessions | 10,000 |
| Cisco Cloud Web Security users | 7500 |
| Capacities | |
| Security contexts | 5, 10, 20, 50, 100, 250 licenses (2 included) |
| Cards per switch | 4 ASA Services Modules per Catalyst 6500 or Cisco 7600 Series chassis |
| VLANs | 1000 |
| High availability | Active/Active, Active/Standby |
| NAT translations | 10 million |
| Transparent mode VLANs | 16 pairs |
| Access control entries | 2 million |
Table 2. System Requirements
| ASA Release | Switch Hardware | Supervisor Engine or Route Switch Processor | Cisco IOS Release |
|---|---|---|---|
| 8.5(1) and later | Catalyst 6500-E | SUP 720-10GE with MSFC3 & PFC3C (VS-S720-10G-3C) | 12.2(33)SXJ2and later |
| SUP 720-10GE with MSFC3 & PFC3CXL (VS-S720-10G-3CXL) | |||
| SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B) | |||
| SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL) | |||
| 8.5(1.7) and later | Catalyst 6500-E | SUP 2T with MSFC5 & PFC4 (VS-S2T-10G) | 15.0(1)SY1 and later |
| SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL) | |||
| 9.0(1) and later | Cisco 7606-S, 7609-S | RSP 720 with 10GE ports, MSFC4 & PFC-3C (RSP720-3C-10GE) | 15.2(4)S2 and later |
| RSP 720 with 10GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-10GE) | |||
| RSP 720 with 2GE ports, MSFC4 & PFC-3C (RSP720-3C-GE) | |||
| RSP 720 with 2GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-GE) | |||
| SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B) | |||
| SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL) | |||
| 9.0(1) and later | Cisco 7604, 7609-S, 7613-S | SUP 2T with MSFC5 & PFC4 (VS-S2T-10G) | 15.1(1)SY and later |
| SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL) |
ASASM和交换机之间连接的是一个20GB的接口。
在单一上下文模式下,可以将MSFC(交换机管理引擎和集成多层交换机功能卡)或路由器放在ASASM前或者ASASM后,location取决于分配给ASASM接口的VLAN。
对于多上下文环境,应该将MSFC或路由器放在ASASM之后。
ASASM不带任何物理接口,使用从交换机或者路由器划分的VLAN接口。ASASM没有对ASDM的预配置。
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/module/asa_sm_qsg.html
若有收获,就点个赞吧
0 人点赞
