Cisco Blogs

Announcing the Cisco ASA 1000V Cloud Firewall

October 18, 2011 - 7 Comments

This week Cisco is announcing the ASA 1000V cloud firewall, a product that we previewed at VMworld last month and in an earlier blog post. This video provides a very high level introduction to our latest virtual security product.

We’re excited about the ASA 1000V because it brings virtually all the features of our physical ASA appliances to virtual environments, providing greater consistency across the physical, virtual and cloud domains, however your applications are deployed. The ASA 1000V will primarily be deployed to protect tenants in a multi-tenant cloud environment with traditional edge security services including VPN, NAT, attack prevention and DHCP. This will compliment our Virtual Security Gateway (VSG) firewall which has greater visibility to VM-specific policy attributes, and will be used to isolate VM-VM traffic within a tenant.

Both VSG and the ASA 1000V will rely on the Nexus 1000V virtual switch to direct appropriate packets to the right firewall service node, where policies are enforced, prior to reaching the VM. The ASA 1000V will start shipping in the first half of 2012.

For more information on the ASA 1000V, please check out our new web page, and please register for our external launch event on October 25 where we will unveil more details, as well as our latest Nexus data center announcements.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Hi, You state the ASA1000v rely's on the Nexus 1000v switch. Is there any plan to remove this reliance so the virtual ASA can run in a VMware farm without the 1000v appliance? Regards,

    • No, there are no plans at this time. We have enhanced ASA 1000V (and other Cisco virtual services) based on unique features in the Nexus 1000V, name vPath, which directs traffic to the appropriate service from the switch since the virtual service does not sit inline.

  2. Will it include support for IPv6 ?

    • It does not today, but will in a future release, when Nexus 1000V supports IPv6.

  3. Nice videos and especially the examples. With a structural engineering background i am thinking the ASA1000v is like a fence between two businesses in a large building, while the VSG is like a lock on each individual offices in either of those businesses. Organizations larger and smaller with field employees in sales, services etc in a variety of industries are enabled to let the employees choose their own mobile device while being able to secure the firms proprietary and sensitive data both at the source (data centers) and at the access level (say a mobile user)- and this is even when a public cloud is being used...Looking forward to the oct25 events...

  4. If I try to connect to the "register for our external launch event" the web server respond with: Error 500:

    • I've seen this very intermittently myself. If you try it again after a minute or two it usually works for me.