Deployment of ASA SM
The ASA SM card can be deployed in 7606-S and 7609-S chassis. You can configure any physical port
on the router to operate with firewall policy and protection. ASA SM is Network Equipment-Building
System (NEBS) compliant. Slots adjacent to the ASA SM slot are either occupied or fitted with an 'airdam'.
An airdam is a blank panel that provides an air shield. Airdam cards in empty slots ensure correct airflow
around the cards.
You can deploy ASA SM in the following modes:
• In the homogeneous mode, only ASA SM resides in the 7600 chassis.
• In the coexistent mode, both ASA SM and FWSM reside in the same router chassis and network, or
in the same network, but are managed by separate management tools.
• In the heterogeneous mode, both ASA SM and FWSM are deployed and in operation either in the
same router chassis or in the same network, and are managed by the same management tool.
ASA SM Firewall Modes
ASA SM runs in the following firewall modes:
• Routed
• Transparent
Routed Mode
In the routed mode, ASA SM is considered to be a router hop in the network. It can use OSPF or RIP in
the single context mode. Routed mode supports many interfaces. Each interface is on a different subnet.
You can share interfaces between contexts. ASA SM acts as a router between the connected networks,
and each interface requires an IP address on a different subnet. In the single context mode, the routed
firewall supports Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol
(EIGRP), and Routing Information Protocol (RIP). Multiple context mode only supports static routes.
We recommend using the advanced routing capabilities of the upstream and downstream routers instead
of relying on ASA SM for extensive routing needs.
Transparent Mode
In the transparent mode, ASA SM is not considered a router hop, but acts like a "bump in the wire," or
a 'stealth firewall'. ASA SM connects to the same network on its internal and external interfaces.
Use a transparent firewall for the following:
• Simplify your network configuration.
• Make the firewall invisible to attackers.
• Allow traffic that would be blocked in the routed mode. For example, a transparent firewall can
allow multicast streams using an EtherType access list.
Cisco 7600 Series Routers Module Guide
Chapter 16
Adaptive Security Appliance Services Module
OL-9392-04
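The routed-mode rules in the Routed Mode section (each interface on a different subnet; dynamic routing only in the single context mode) can be checked against a planned design before it is configured. The following is an added example, not code from the Cisco guide; the function name, the input layout and the sample addresses are assumptions constructed for illustration, and it checks the interfaces of one context at a time.

```python
import ipaddress
from itertools import combinations

# Dynamic protocols the guide lists for single context routed mode.
DYNAMIC_PROTOCOLS = {"ospf", "eigrp", "rip"}

def check_routed_design(interfaces, context_mode, routing_protocols):
    """Return findings for a planned routed-mode design (hypothetical helper).

    interfaces        -- dict of interface name -> "address/prefix"
    context_mode      -- "single" or "multiple"
    routing_protocols -- iterable of protocol names, e.g. {"static", "ospf"}
    """
    if context_mode not in ("single", "multiple"):
        raise ValueError(f"unknown context mode: {context_mode!r}")

    findings = []

    # Rule 1: every interface needs an IP address on a different subnet.
    # Overlap is checked rather than equality, so a /25 carved out of
    # another interface's /24 is also reported.
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} ({net_a}) and {b} ({net_b}) are not on different subnets")

    # Rule 2: multiple context mode only supports static routes.
    if context_mode == "multiple":
        requested = {p.lower() for p in routing_protocols}
        for proto in sorted(requested & DYNAMIC_PROTOCOLS):
            findings.append(f"{proto} requested, but multiple context mode only supports static routes")

    return findings

# Constructed sample design: 'outside' falls inside the 'inside' /24.
SAMPLE_INTERFACES = {
    "inside": "10.1.1.1/24",
    "dmz": "10.1.2.1/24",
    "outside": "10.1.1.254/25",
}

if __name__ == "__main__":
    for finding in check_routed_design(SAMPLE_INTERFACES, "multiple", {"static", "ospf"}):
        print("FINDING:", finding)
```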