Deploy and Install

Deploy the ASA

To deploy an ASA 5585-X, see the Cisco ASA 5585-X Quick Start Guide for installation procedures:

http://www.cisco.com/go/asa5585x-quick

To deploy an ASAv, see the Cisco Adaptive Security Virtual Appliance Quick Start Guide for installation procedures:

http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-firewall/products-installation-guides-list.html


Note

During an ASAv deployment, you must define the value of the nameif property for the management interface as management. If you define the interface name as anything other than management, the device cluster will be stuck in AuditRequested/AuditPending state, and the fault will indicate that the read operation timed out. The management interface and default gateway configuration are deleted from the ASAv, and the interface is shut down.


Install the ASA Device Package

Each service node type must provide a device package, which includes two parts: a device specification and a device script. Service nodes of the same type are bound to a single device package.

The ASA device package enables you to configure an ASA and register the ASA with the APIC.

Before you begin

Review the prerequisites in the Overview and Prerequisites chapters of the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.

Procedure


Step 1

Download the ASA device package, a .zip file available at http://www.cisco.com/go/asa-software, and save it onto your local drive. Do not unzip the file.

Step 2

Install the ASA device package. See the Importing a Device Package chapter of the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.

Step 3

Register the ASA with the APIC. See the Configuring a Device Cluster and Configuring Connectivity to a Device Cluster chapters of the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.


Migrate from 1.2(x) to 1.3(x)

To migrate your existing Cisco ASA device package deployment from software version 1.2(x) to 1.3(x), complete the following steps:

Procedure


Step 1

Install the ASA device package software version 1.3(x) onto the APIC.

Step 2

From your existing deployment, download the configuration from the tenant.

Step 3

Replace the top-level <imdata> tag with <polUni> in the configuration.

Step 4

Globally, replace mDev-CISCO-ASA-1.2 with mDev-CISCO-ASA-1.3 in the configuration.

Step 5

Upload the modified configuration back onto the APIC.