Cisco ASA Series Configuration Manual page 118

Perform Initial ASA FirePOWER Setup
Management PC
ASA 5506-X through ASA 5555-X (Software Module)
These models run the ASA FirePOWER module as a software module, and the ASA FirePOWER
management interface shares the Management 0/0 or Management 1/1 interface (depending on your
model) with the ASA.
The following figure shows the recommended network deployment for the ASA 5500-X with the ASA
FirePOWER module:
Management PC
For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the above network
deployment; the only change you need to make is to set the module IP address to be on the same network
as the ASA inside interface and to configure the module gateway IP address.
For other models, you must remove the ASA-configured name and IP address for Management 0/0 or
1/1, and then configure the other interfaces as indicated above.
If you want to deploy a separate router on the inside network, then you can route between management
Note
and inside. In this case, you can manage both the ASA and ASA FirePOWER module on the
Management interface with the appropriate configuration changes.
Cisco ASA Series Firewall CLI Configuration Guide
7-8
Module Gateway
Layer 2
Switch
ASA Management 0/0
Module Management 1/0
Set IP to be on same network as M0/0
ASA FirePOWER Default Gateway
Layer 2
Switch
GigabitEthernet 1/2
Management 1/1
No ASA IP address
ASA FirePOWER IP address: 192.168.1.2
ASA
to Internet
management
Module
ASA
inside
192.168.1.1
FP
Chapter 7 ASA FirePOWER Module
outside
Internet
outside
GigabitEthernet 1/1
Internet