You are here
Cisco ASA 1000V VNMC VS ASDM Mode
Submitted by admin on Sun, 06/30/2013 - 22:26
As part of Cisco ASA 1000V installation, you need to decide if you want to run the ASA 1000V in VNMC or ASDM mode. Since the mode cannot be changed after the installation, you will need to pick this wisely. Here are quick comparisons that might help you decide which mode is appropriate to your deployment.
VNMC Mode
- All configurations are performed on VNMC web interface.
- Limited CLI command availability. Mostly for troubleshooting.
- Ability to access VMware virtual machine attributes (eg. Name of VM) and use within policies
- Ability to reuse configuration components (eg. Object-group) and policies on multiple ASA
- Some features may not be configurable (eg. SNMP, QoS, Failover timeout) (please double check VNMC release notes)
- Port-group may need to be reapplied to the VM after changes are made on a Security Profile for the changes to take effect.
- No control over naming of certain objects (eg. Security Profile Interface)
- ASA needs to be reconnect to VNMC manually after a VNMC restore
- Config on an ASA is backed up with VNMC
ASDM Mode
- All configurations are performed on either CLI or ASDM
- Configurations are almost identical to a traditional ASA. Any existing knowledge can be directly applied.
- VMware virtual machine attributes may not be available for policy configurations.
- ASA are treated independently, and need to be configured individually.
- More configurable features than VNMC.
- Any changes made to the ASA take effect immediately.
- Have a complete control over all the naming.
- ASA reconnects to VNMC automatically after a VNMC restore
- Config on an ASA needs to be backed up separately
Related Links: