The Cisco Adaptive Security Virtual Appliance (ASAv) brings full firewall functionality to virtualized environments to secure data center traffic and multi-tenant environments.
You can manage and monitor the ASAv using ASDM or CLI. Other management options may be available.
For hypervisor support, see Cisco ASA Compatibility.
Supported in single context mode only. Does not support multiple context mode.
For failover deployments, make sure that the standby unit has the same model license; for example, both units should be ASAv30s.
The ASAv does not support the following ASA features:
Guidelines, Features, and Limitations for the ASAv5
To run with 1 GB of memory, the ASAv5 VM must be re-provisioned with the 9.5.1.200 image. Only ASAvs running 9.5.1.200 can operate on 1 GB of memory. If you try to downgrade to a previous version, you must increase the memory to 2 GB.
The ASAv5 will begin drop packets soon after the threshold of 100 Mbps is reached (there is some headroom so that you get the full 100 Mbps). The ASAv5 is intended for users who require a small memory footprint and small throughput, so that you can deploy larger numbers of ASAv5s without using unnecessary memory.
Note: The ASAv Rate Limiter enforces throughput performance for the ASAv5 with some extra headroom to match entitlement and the built-in Lab Edition mode ASAv platforms.
License Entitlement shows the compliant resources scenarios that match license entitlement for the ASAvs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ASAv States and Messages shows the ASAv states and messages connected to resources and entitlement for the ASAvs.
Table 2 ASAv States and Messages
The ASAv uses Cisco Smart Software Licensing. For detailed information, see Smart Software Licensing for the ASAv.
Note: You must install a smart license on the ASAv. Until you install a license, throughput is limited to 100 Kbps so you can perform preliminary connectivity tests. A smart license is required for regular operation.
As a guest on a virtualized platform, the ASAv utilizes the network interfaces of the underlying physical platform. Each ASAv interface maps to a virtual NIC (vNIC).
The ASAv includes the following Gigabit Ethernet interfaces:
For Azure, Management 0/0 can be a traffic-carrying “outside” interface.
The ASAv supports the following vNICs:
|
|
|
|
|
|
|
|
|
|