Cisco ASA - Cisco adaptive security appliance firewall 5500 Series

The bellow information has been sourced from Cisco's Wbsite more specifically over here

Cisco ASA 5500 Series Adaptive Security Appliances deliver a robust suite of highly integrated, market-leading security services for small and medium-sized businesses enterprises, service providers, and mission-critical data centers- in addition to providing unprecedented services flexibility, modular scalability, feature extensibility, and lower deployment and maintenance costs.

 

 
Key component of the Cisco Secure Network, the Cisco ASA 5500 Series Adaptive Security Appliances deliver superior scalability, a broad span of technology and solutions, and effective, always-on security designed to meet the needs of a wide array of deployments. By integrating the world's most proven firewall; a comprehensive, highly effective intrusion prevention system (IPS) with Cisco Global Correlation and guaranteed coverage; high-performance VPN and always-on remote access, the Cisco ASA 5500 Series helps organizations provide secure, high performance connectivity and protects critical assets for maximum productivity and minimal amount of down time.

 

Figure 1. The Cisco ASA 5500 Series Adaptive Security Appliances

cisco

The Cisco ASA 5500 Series helps businesses increase effectiveness and efficiency in protecting their networks and applications while delivering exceptional investment protection through the following elements:

 

Market-proven security capabilities-The Cisco ASA 5500 Series integrates multiple full-featured, high-performance security services, including application-aware firewall, SSL and IPsec VPN, IPS with Global Correlation and guaranteed coverage, antivirus, antispam, antiphishing, and web filtering services. Combined with real-time reputation technology, these technologies deliver highly effective network- and application-layer security, user-based access control, worm mitigation, malware protection, improved employee productivity, instant messaging and peer-to-peer control, and secure remote user and site connectivity. The only IPS with market leading reputation technology, Cisco IPS with Global Correlation provides twice the efficacy of legacy IPS and includes guaranteed coverage for enhanced peace of mind. Offering seamless client and clientless access for a broad spectrum of desktop and mobile platforms, the Cisco ASA 5585-X delivers always-on secure mobility with integrated web security and IPS for policy enforcement and threat protection.

The Cisco ASA 5500 Series offers businesses strong, adaptive protection from the fast-evolving threat environment through its unique combination of hardware and software extensibility and its powerful Modular Policy Framework (MPF). In Effect that fgramework allows the device to act as a Unified Threat Management or UTM device.The innovative extensible multiprocessor design and software architecture of the Cisco ASA 5500 Series enables businesses to easily install additional high-performance security services through security services processors (SSPs), security services modules (SSMs) and security services cards (SSCs). This provides businesses with outstanding investment protection, while enabling them to expand the security services profile of their Cisco ASA 5500 Series as their security and performance needs grow. All these services are easily managed through the powerful Cisco Modular Policy Framework, which allows businesses to create highly customized security policies while making it simple to add new security and networking services into their existing policies.

• Reduced deployment and operations costs-The Cisco ASA 5500 Series enables standardization on a single platform to reduce the overall operational cost of security. A common environment for configuration simplifies management and reduces training costs for staff, while the common hardware platform of the series reduces sparing costs. Additional efficiencies are realized by deploying integrated capabilities, obviating the need for the complex designs required to connect standalone solutions.

• Comprehensive management interfaces-The graphical Cisco Adaptive Security Device Manager (ASDM), a comprehensive command line interface (CLI), verbose syslog, and Simple Network Management Protocol (SNMP) support round out a rich complement of management options. Multi-unit deployments benefit greatly from Cisco Security Manager, a platform capable of managing distributed deployments of hundreds of devices.Powerful reporting capabilites are included in the ASDM in order to facilitate instant access to important data like top sources top destinations top ports utilized etc.

The Cisco ASA 5500 Series

The Cisco ASA 5500 Series includes the Cisco ASA 5505, ASA 5510,ASA 5520, ASA 5540,ASA 5550,ASA 5580, andASA 5585-X Adaptive Security Appliances-purpose-built, high-performance security solutions that take advantage of Cisco's expertise in developing industry-leading, award-winning security and VPN solutions. Through the Cisco MPF, the Cisco ASA 5500 Series brings a new level of security and policy control to applications and networks. MPF enables highly customizable, flow-specific security policies that have been tailored to application requirements. The performance and extensibility of the Cisco ASA 5500 Series is enhanced through user-installable SSMs. This adaptable architecture enables businesses to rapidly deploy security services when and where they are needed, such as tailoring inspection techniques to specific application and user needs or adding additional intrusion prevention and content security services such as those delivered by the Adaptive Inspection and Prevention (AIP) and Content Security and Control (CSC) SSMs. Furthermore, the modular hardware architecture of the Cisco ASA 5500 Series, along with the powerful MPF, provides the flexibility to meet future network and security requirements, extending the outstanding investment protection provided by the Cisco ASA 5500 Series and allowing businesses to adapt their network defenses to new threats as they arise.

 

All Cisco ASA 5500 Series appliances offer both IPsec and SSL/DTLS VPN solutions; Clientless and AnyConnect VPN features are licensed at various price points, on a per seat and per feature basis. By converging SSL and IPsec VPN services with comprehensive threat defense technologies, the Cisco ASA 5500 Series provides highly customizable, granular network access tailored to meet the requirements of diverse deployment environments, while providing advanced endpoint and network-level security.

 

Cisco ASA 5505 Adaptive Security Appliance

The Cisco ASA 5505 Adaptive Security Appliance is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments. The Cisco ASA 5505 delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, "plug-and-play" appliance. Using the integrated Cisco ASDM, the Cisco ASA 5505 can be rapidly deployed and easily managed, enabling businesses to minimize operations costs. The Cisco ASA 5505 features a flexible 8-port 10/100 Fast Ethernet switch, whose ports can be dynamically grouped to create up to three separate VLANs for home, business, and Internet traffic for improved network segmentation and security. The Cisco ASA 5505 provides two Power over Ethernet (PoE) ports, simplifying the deployment of Cisco IP phones with zero-touch secure voice over IP (VoIP) capabilities, as well as the deployment of external wireless access points for extended network mobility. A high-performance intrusion prevention and worm mitigation service is available with the addition of the AIP SSC. Multiple USB ports can be used to enable additional services and capabilities as they are needed.

 

As business needs grow, customers can install a Security Plus upgrade license, enabling the Cisco ASA 5505 to scale to support a higher connection capacity and up to 25 IPsec VPN users, add full DMZ support, and integrate into switched network environments through VLAN trunking support. Furthermore, this upgrade license maximizes business continuity by enabling support for redundant ISP connections and stateless Active/Standby high-availability services.

 

Businesses can also extend the Cisco ASA 5505's VPN service by enabling AnyConnect client and clientless VPN remote access to support various mobile workers and business partners. The Cisco Secure Remote Access Solution deployments can scale to serve up to 25 AnyConnect and/or clientless VPN concurrent users on each Cisco ASA 5505 by installing an Essential or a Premium AnyConnect VPN license.

 

This combination of market-leading security and VPN services, advanced networking features, flexible remote management capabilities, and future extensibility makes the Cisco ASA 5505 an excellent choice for businesses requiring a best-in-class small business, branch office, or enterprise teleworker security solution.

 

Table 1 lists features of the Cisco ASA 5505.

Table 1. Cisco ASA 5505 Adaptive Security Appliance Platform Capabilities and Capacities

Feature

Description

Firewall Throughput

Up to 150 Mbps

Maximum Firewall and IPS Throughput

Up to 75 Mbps with AIP SSC-5

VPN Throughput

Up to 100 Mbps

Concurrent Sessions

10,000/25,000

IPsec VPN Peers

10; 25*

Premium AnyConnect VPN Peer License Levels

2, 10, or 25

Interfaces

8-port Fast Ethernet switch with dynamic port grouping (including 2 PoE ports)

Virtual Interfaces (VLANs)

3 (no trunking support)/20 (with trunking support)*

High Availability

Not supported; stateless Active/Standby and redundant ISP support*


Cisco ASA 5510 Adaptive Security Appliance

The Cisco ASA 5510 Adaptive Security Appliance delivers advanced security and networking services for small and medium-sized businesses and enterprise remote/branch offices in an easy-to-deploy, cost-effective appliance. These services can be easily managed and monitored by the integrated Cisco ASDM application, thus reducing the overall deployment and operations costs associated with providing this high level of security. The Cisco ASA 5510 Adaptive Security Appliance provides high-performance firewall and VPN services and five integrated 10/100 Fast Ethernet interfaces. It optionally provides high-performance intrusion prevention and worm mitigation services through the AIP SSM, or comprehensive malware protection services through the CSC SSM. This unique combination of services on a single platform makes the Cisco ASA 5510 an excellent choice for businesses requiring a cost-effective, extensible, DMZ-enabled security solution.

 

As business needs grow, customers can install a Security Plus license, upgrading two of the Cisco ASA 5510 Adaptive Security Appliance interfaces to Gigabit Ethernet and enabling integration into switched network environments through VLAN support. This upgrade license maximizes business continuity by enabling Active/Active and Active/Standby high-availability services. Using the optional security context capabilities of the Cisco ASA 5510 Adaptive Security Appliance, businesses can deploy up to five virtual firewalls within an appliance to enable compartmentalized control of security policies on a departmental level. This virtualization strengthens security and reduces overall management and support costs while consolidating multiple security devices into a single appliance.

 

Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers, remote sites, and business partners. Up to 250 AnyConnect and/or clientless VPN peers can be supported on each Cisco ASA 5510 by installing an Essential or a Premium AnyConnect VPN license; up to 250 IPsec VPN peers are supported on the base platform.

 

VPN capacity and resiliency can also be increased by taking advantage of the Cisco ASA 5510's integrated VPN clustering and load-balancing capabilities (available with a Security Plus license). The Cisco ASA 5510 supports up to 10 appliances in a cluster, offering a maximum of 2500 AnyConnect and/or clientless VPN peers or 2500 IPsec VPN peers per cluster. For business continuity and event planning, the Cisco ASA 5510 can also benefit from the Cisco VPN FLEX licenses, which enable administrators to react to or plan for short-term bursts of concurrent Premium VPN remote-access users, for up to a 2-month period.

 

Table 2 lists features of the Cisco ASA 5510.

Table 2. Cisco ASA 5510 Adaptive Security Appliance Platform Capabilities and Capacities

Feature

Description

Firewall Throughput

Up to 300 Mbps

Maximum Firewall and IPS Throughput

• Up to 150 Mbps with AIP SSM-10
• Up to 300 Mbps with AIP SSM-20

VPN Throughput

Up to 170 Mbps

Concurrent Sessions

50,000; 130,000

IPsec VPN Peers

250

Premium AnyConnect VPN Peer License Levels

2,10, 25, 50, 100, or 250

Security Contexts

Up to 5

Interfaces*

5 Fast Ethernet ports; 2 Gigabit Ethernet + 3 Fast Ethernet*

Virtual Interfaces (VLANs)

50; 100*

Scalability*

VPN clustering and load balancing

High Availability

Not supported; Active/Active, Active/Standby*

Cisco ASA 5520 Adaptive Security Appliance

The Cisco ASA 5520 Adaptive Security Appliance delivers security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized enterprise networks in a modular, high-performance appliance. With four Gigabit Ethernet interfaces and support for up to 100 VLANs, businesses can easily deploy the Cisco ASA 5520 into multiple zones within their network. The Cisco ASA 5520 Adaptive Security Appliance scales with businesses as their network security requirements grow, delivering solid investment protection.

 

Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers, remote sites, and business partners. Up to 750 AnyConnect and/or clientless VPN peers can be supported on each Cisco ASA 5520 by installing an Essential or a Premium AnyConnect VPN license; 750 IPsec VPN peers are supported on the base platform. VPN capacity and resiliency can be increased by taking advantage of the Cisco ASA 5520's integrated VPN clustering and load-balancing capabilities. The Cisco ASA 5520 supports up to 10 appliances in a cluster, offering a maximum of 7500 AnyConnect and/or clientless VPN peers or 7500 IPsec VPN peers per cluster. For business continuity and event planning, the Cisco ASA 5520 can also benefit from the Cisco VPN FLEX licenses, which enable administrators to react to or plan for short-term bursts of concurrent Premium VPN remote-access users, for up to a 2-month period.

 

The advanced application-layer security and content security defenses provided by the Cisco ASA 5520 can be extended by deploying the high-performance intrusion prevention and worm mitigation capabilities of the AIP SSM, or the comprehensive malware protection of the CSC SSM. Using the optional security context capabilities of the Cisco ASA 5520 Adaptive Security Appliance, businesses can deploy up to 20 virtual firewalls within an appliance to enable compartmentalized control of security policies on a departmental level. This virtualization strengthens security and reduces overall management and support costs while consolidating multiple security devices into a single appliance.

 

Table 3 lists features of the Cisco ASA 5520.

 

Table 3. Cisco ASA 5520 Adaptive Security Appliance Platform Capabilities and Capacities

Feature

Description

Firewall Throughput

Up to 450 Mbps

Maximum Firewall and IPS Throughput

• Up to 225 Mbps with AIP SSM-10
• Up to 375 Mbps with AIP SSM-20
• Up to 450 Mbps with AIP SSM-40

VPN Throughput

Up to 225 Mbps

Concurrent Sessions

280,000

IPsec VPN Peers

750

Premium AnyConnect VPN Peer License Levels1

2,10, 25, 50, 100, 250, 500, or 750

Security Contexts*

Up to 20

Interfaces

4 Gigabit Ethernet ports and 1 Fast Ethernet port

Virtual Interfaces (VLANs)

150

Scalability

VPN clustering and load balancing

High Availability

Active/Active, Active/Standby


Cisco ASA 5540 Adaptive Security Appliance

The Cisco ASA 5540 Adaptive Security Appliance delivers high-performance, high-density security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized and large enterprise and service-provider networks, in a reliable, modular appliance. With four Gigabit Ethernet interfaces and support for up to 100 VLANs, businesses can use the Cisco ASA 5540 to segment their network into numerous zones for improved security. The Cisco ASA 5540 Adaptive Security Appliance scales with businesses as their network security requirements grow, delivering exceptional investment protection and services scalability. The advanced network and application-layer security services and content security defenses provided by the Cisco ASA 5540 Adaptive Security Appliance can be extended by deploying the AIP SSM for high-performance intrusion prevention and worm mitigation.

 

Businesses can scale their SSL and IPsec VPN capacity to support a larger number of mobile workers, remote sites, and business partners. Up to 2500 AnyConnect and/or clientless VPN peers can be supported on each Cisco ASA 5540 by installing an Essential or a Premium AnyConnect VPN license; 5000 IPsec VPN peers are supported on the base platform. VPN capacity and resiliency can also be increased by taking advantage of the integrated VPN clustering and load-balancing capabilities of the Cisco ASA 5540. The Cisco ASA 5540 supports up to 10 appliances in a cluster, supporting a maximum of 25,000 AnyConnect and/or clientless VPN peers or 50,000 IPsec VPN peers per cluster. For business continuity and event planning, the ASA 5540 can also benefit from the Cisco VPN FLEX licenses, which enable administrators to react to or plan for short-term bursts of concurrent Premium VPN remote-access users, for up to a 2-month period.

 

Using the optional security context capabilities of the Cisco ASA 5540 Adaptive Security Appliance, businesses can deploy up to 50 virtual firewalls within an appliance to enable compartmentalized control of security policies on a per-department or per-customer basis, and deliver reduced overall management and support costs.

 

Table 4 lists features of the Cisco ASA 5540.

Table 4. Cisco ASA 5540 Adaptive Security Appliance Platform Capabilities and Capacities

Feature

Description

Firewall Throughput

Up to 650 Mbps

Maximum Firewall and IPS Throughput

• Up to 500 Mbps with AIP SSM-20
• Up to 650 Mbps with AIP SSM-40

VPN Throughput

Up to 325 Mbps

Concurrent Sessions

400,000

IPsec VPN Peers

5000

Premium AnyConnect VPN Peer License Levels*

2, 10, 25, 50, 100, 250, 500, 750, 1000, and 2500

Security Contexts

Up to 50

Interfaces

4 Gigabit Ethernet ports and 1 Fast Ethernet port

Virtual Interfaces (VLANs)

200

Scalability

VPN clustering and load balancing

High Availability

Active/Active, Active/Standby

Table 5. Ordering Information

Product Name

Part Number

Cisco ASA 5500 Series Firewall Edition Bundles

Cisco ASA 5505 10-User Bundle includes 8-port Fast Ethernet switch, 10 IPsec VPN peers, 2 Premium VPN peers, Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) license

ASA5505-BUN-K9

Cisco ASA 5505 10-User Bundle includes 8-port Fast Ethernet switch, 10 IPsec VPN peers, 2 Premium VPN peers, Data Encryption Standard (DES) license

ASA5505-K8

Cisco ASA 5505 50-User Bundle includes 8-port Fast Ethernet switch, 10 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5505-50-BUN-K9

Cisco ASA 5505 Unlimited-User Bundle includes 8-port Fast Ethernet switch, 10 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5505-UL-BUN-K9

Cisco ASA 5505 Unlimited-User Security Plus Bundle includes 8-port Fast Ethernet switch, 25 IPsec VPN peers, 2 Premium VPN peers, DMZ, stateless Active/Standby high availability, 3DES/AES license

ASA5505-SEC-BUN-K9

Cisco ASA 5510 Firewall Edition includes 5 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5510-BUN-K9

Cisco ASA 5510 Firewall Edition includes 5 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5510-K8

Cisco ASA 5510 Security Plus Firewall Edition includes 2 Gigabit Ethernet + 3 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 Premium VPN peers, Active/Standby high availability, 3DES/AES license

ASA5510-SEC-BUN-K9

Cisco ASA 5520 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 750 IPsec VPN peers, 2 Premium VPN peers, Active/Active and Active/Standby high availability, 3DES/AES license

ASA5520-BUN-K9

Cisco ASA 5520 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 750 IPsec VPN peers, 2 Premium VPN peers, Active/Active and Active/Standby high availability, DES license

ASA5520-K8

Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5540-BUN-K9

Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5540-K8

Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 4 Gigabit SFP interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5550-BUN-K9

Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 4 Gigabit SFP interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5550-K8

Cisco ASA 5580-20 Firewall Edition includes 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5580-20-BUN-K8

Cisco ASA 5580-20 Firewall Edition includes 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5580-20-BUN-K9

Cisco ASA 5580-20 Firewall Edition 4 Gigabit Ethernet Bundle includes 4 Gigabit Ethernet interfaces, 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5580-20-4GE-K9

Cisco ASA 5580-20 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces, 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5580-20-8GE-K9

Cisco ASA 5580-40 Firewall Edition includes 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5580-40-BUN-K8

Cisco ASA 5580-40 Firewall Edition includes 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5580-40-BUN-K9

Cisco ASA 5580-40 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces, 2 management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5580-40-8GE-K9

Cisco ASA 5580-40 Firewall Edition 4, 10 Gigabit Ethernet Bundle includes 4, 10 Gigabit Ethernet interfaces; 2 management interfaces; 10,000 IPsec VPN peers; 2 Premium VPN peers; dual AC power; 3DES/AES license

ASA5580-40-10GE-K9

Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5585-S10-K8

Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5585-S10-K9

Cisco ASA 5585-X Security Plus Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S10X-K9

Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5585-S20-K8

Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5585-S20-K9

Cisco ASA 5585-X Security Plus Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S20X-K9

Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5585-S40-K8

Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5585-S40-K9

Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S40-2A-K9

Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S60-2A-K8

Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S60-2A-K9

Cisco ASA 5500 Series IPS Edition Bundles

Cisco ASA 5505 50-User Adaptive Security Appliance with AIP-SSC-5 (chassis, software, 8 Fast Ethernet interfaces,10 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license)

ASA5505-50-AIP5-K9

Cisco ASA 5505 Unlimited-User Adaptive Security Appliance with Security Plus License and AIP-SSC-5 (chassis, software, 8 Fast Ethernet interfaces, 25 IPsec VPN peers, 2 Premium VPN peers, DMZ support, stateless Active/Standby high availability, 3DES/AES license)

ASA5505-U-AIP5P-K9

Cisco ASA 5510 IPS Edition includes AIP-SSM-10, firewall services, 250 IPsec VPN peers, 2 Premium VPN peers, 5 Fast Ethernet interfaces

ASA5510-AIP10-K9

Cisco ASA 5510 Adaptive Security Appliance with Security Plus License and AIP-SSM-10 (chassis, software, 2 Gigabit Ethernet interfaces, 3 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 Premium VPN peers, Active/Active high availability, 3DES/AES)

ASA5510-AIP10SP-K9

Cisco ASA 5510 Adaptive Security Appliance with Security Plus License and AIP-SSM-20 (chassis, software, 2 Gigabit Ethernet interfaces, 3 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 Premium VPN peers, Active/Active high availability, 3DES/AES)

ASA5510-AIP20SP-K9

Cisco ASA 5520 IPS Edition includes AIP-SSM-10, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-AIP10-K9

Cisco ASA 5520 IPS Edition includes AIP-SSM-20, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-AIP20-K9

Cisco ASA 5520 IPS Edition includes AIP-SSM-40, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-AIP40-K9

Cisco ASA 5540 IPS Edition includes AIP-SSM-20, firewall services, 5000 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5540-AIP20-K9

Cisco ASA 5540 IPS Edition includes AIP-SSM-40, firewall services, 5000 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5540-AIP40-K9

Cisco ASA 5585-X IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5585-S10P10-K8

Cisco ASA 5585-X IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5585-S10P10-K9

Cisco ASA 5585-X Security Plus IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S10P10XK9

Cisco ASA 5585-X IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license

ASA5585-S20P20-K8

Cisco ASA 5585-X IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license

ASA5585-S20P20-K9

Cisco ASA 5585-X Security Plus IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S20P20XK9

Cisco ASA 5585-X IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, DES license

ASA5585-S40P40-K8

Cisco ASA 5585-X IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S40P40-K9

Cisco ASA 5585-X IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S60P60-K8

Cisco ASA 5585-X IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license

ASA5585-S60P60-K9

Cisco ASA 5500 Series Content Security Edition Bundles

Cisco ASA 5510 Content Security Edition includes CSC-SSM-10, 50-user antivirus/antispyware with 1-year subscription, firewall services, 250 IPsec VPN peers, 2 Premium VPN peers, 3 Fast Ethernet interfaces

ASA5510-CSC10-K9

Cisco ASA 5510 Content Security Edition includes CSC-SSM-20, 500-user antivirus/antispyware with 1-year subscription, firewall services, 250 IPsec VPN peers, 2 Premium VPN peers, 3 Fast Ethernet interfaces

ASA5510-CSC20-K9

Cisco ASA 5520 Content Security Edition includes CSC-SSM-10, 50-user antivirus/antispyware with 1-year subscription, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-CSC10-K9

Cisco ASA 5520 Content Security Edition includes CSC-SSM-20, 500-user antivirus/antispyware with 1-year subscription, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-CSC20-K9

Cisco ASA 5500 Series SSL/IPsec VPN Edition Bundles

Cisco ASA 5505 SSL/IPsec VPN Edition includes 10 IPsec VPN peers, 10 Premium VPN peers, 50 firewall users, 8-port Fast Ethernet switch

ASA5505-SSL10-K9

Cisco ASA 5505 SSL/IPsec VPN Edition includes 25 IPsec VPN peers, 25 Premium VPN peers, 50 firewall users, 8-port Fast Ethernet switch

ASA5505-SSL25-K9

Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers, 50 Premium VPN peers, firewall services, 3 Fast Ethernet interfaces

ASA5510-SSL50-K9

Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers, 100 Premium VPN 100 peers, firewall services, 3 Fast Ethernet interfaces

ASA5510-SSL100-K9

Cisco ASA 5510 SSL/IPsec VPN Edition includes 250 IPsec VPN peers, 250 Premium VPN peers, firewall services, 3 Fast Ethernet interfaces

ASA5510-SSL250-K9

Cisco ASA 5520 SSL/IPsec VPN Edition includes 750 IPsec VPN peers, 500 Premium VPN peers, firewall services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5520-SSL500-K9

Cisco ASA 5540 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers, 1000 Premium VPN peers, firewall services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5540-SSL1000-K9

Cisco ASA 5540 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers, 2500 Premium VPN peers, firewall services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5540-SSL2500-K9

Cisco ASA 5550 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers, 2500 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5550-SSL2500-K9

Cisco ASA 5550 SSL/IPsec VPN Edition includes 5000 IPsec VPN peers, 5000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 1 Fast Ethernet interface

ASA5550-SSL5000-K9

Cisco ASA 5580 SSL/IPsec VPN Edition includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 4 Gigabit Ethernet interfaces, 2 management interfaces, dual AC power, 3DES/AES license

ASA5580-20-10K-K9

Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-10 Bundle includes 5000 IPsec VPN peers, 5000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license

ASA5585-S10-5K-K9

Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-20 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license

ASA5585S20-10K-K9

Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-40 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license

ASA5585S40-10K-K9

Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-60 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license

ASA5585S60-10K-K9

Cisco ASA 5500 Series Firewall IPS VPN Premium Bundles

Cisco ASA 5585-X Integrated Edition SSP-10 IPS SSP-10 Bundle with firewall services, IPS services, 5,000 IPsec VPN peers, 5,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license

ASA5585-S10P10SK9

Cisco ASA 5585-X Integrated Edition SSP-20 IPS SSP-20 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license

ASA5585-S20P20SK9

Cisco ASA 5585-X Integrated Edition SSP-40 IPS SSP-40 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license

ASA5585-S40P40SK9

Cisco ASA 5585-X Integrated Edition SSP-60 IPS SSP-60 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license

ASA5585-S60P60SK9

Security Services Modules

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Card 5 (AIP SSC-5)

ASA-SSC-AIP-5-K9=

Cisco ASA Advanced Inspection and Prevention Security Services Module 10 (AIP SSM-10)

ASA-SSM-AIP-10-K9=

Cisco ASA Advanced Inspection and Prevention Security Services Module 20 (AIP SSM-20)

ASA-SSM-AIP-20-K9=

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 40 (AIP-SSM-40)

ASA-SSM-AIP-40-K9=

Cisco ASA Content Security and Control Security Services Module 10 (CSC SSM-10) with 50-user antivirus/antispyware, 1-year subscription

ASA-SSM-CSC-10-K9=

Cisco ASA Content Security and Control Security Services Module 20 (CSC SSM-20)with 500-user antivirus/antispyware, 1-year subscription

ASA-SSM-CSC-20-K9=

Cisco ASA 4-Port Gigabit Ethernet Security Services Module

SSM-4GE=

Cisco ASA 5580 Series Interface Expansion Cards

Cisco ASA 5580 4-port 10/100/1000 Ethernet interface card, RJ-45

ASA5580-4GE-CU=

Cisco ASA 5580 4-port Gigabit Ethernet fiber interface card, SR, LC

ASA5580-4GE-FI=

Cisco ASA 5580 2-port 10 Gigabit Ethernet fiber interface card, SR, LC

ASA5580-2X10GE-SR=

Cisco ASA 5585-X Security Services Processors and IPS Security Services Processors

 

Cisco ASA 5585-X Security Services Processor-10 (SSP-10)

ASA-SSP-10-K8=

Cisco ASA 5585-X Security Services Processor-20 (SSP-20)

ASA-SSP-20-K8=

Cisco ASA 5585-X Security Services Processor-40 (SSP-40)

ASA-SSP-40-K8=

Cisco ASA 5585-X Security Services Processor-60 (SSP-60)

ASA-SSP-60-K8=

Cisco ASA 5585-X IPS Security Services Processor-10 (SSP-10)

ASA-SSP-IPS10-K9=

Cisco ASA 5585-X IPS Security Services Processor-20 (SSP-20)

ASA-SSP-IPS20-K9=

Cisco ASA 5585-X IPS Security Services Processor-40 (SSP-40)

ASA-SSP-IPS40-K9=

Cisco ASA 5585-X IPS Security Services Processor-60 (SSP-60)

ASA-SSP-IPS60-K9=

Cisco ASA 5500 Series Software

Cisco ASA Software one-time upgrade for nonsupport customers

ASA-SW-UPGRADE=

Cisco ASA 5500 Series Accessories

Cisco ASA 5500 Series compact flash, 256 MB

ASA5500-CF-256MB=

Cisco ASA 5500 Series compact flash, 512 MB

ASA5500-CF-512MB=

Cisco ASA 180W AC power supply

ASA-180W-PWR-AC=

Gigabit Ethernet optical SFP connector, 1000BASE-SX short-wavelength transceiver

GLC-SX-MM=

Gigabit Ethernet optical SFP connector, 1000BASE-LX/LH long-wavelength/long-haul transceiver

GLC-LH-SM=

Cisco ASA 5580 Spare AC Power Supply

ASA5580-PWR-AC=

Cisco ASA 5580 Spare Rail Kit

ASA5580-RAILS=

 

Csico ASA Product Comarison

 

Cisco ASA 5500 Series Model/License

Cisco ASA 5505 Base /
Security Plus

Cisco ASA 5510 Base /
Security Plus

Cisco ASA 5520

Cisco ASA 5540

Cisco ASA 5550

Product Image

Description: http://www.static-cisco.com/assets/cdc_content_elements/images/products/security_vpn/asa5500/asa5505_60x48.jpg

Description: http://www.static-cisco.com/assets/cdc_content_elements/images/products/security_vpn/asa5500/asa5510_60x48.jpg

Description: http://www.static-cisco.com/assets/cdc_content_elements/images/products/security_vpn/asa5500/asa5510_60x48.jpg

Description: http://www.static-cisco.com/assets/cdc_content_elements/images/products/security_vpn/asa5500/asa5510_60x48.jpg

Description: http://www.static-cisco.com/assets/cdc_content_elements/images/products/security_vpn/asa5500/asa5550_60x48.jpg

Network Location

Small Business, Branch Office, Enterprise Teleworker

Internet Edge

Internet Edge

Internet Edge

Internet Edge, Campus

Performance Summary

 

Maximum Firewall throughput

150 Mbps

300 Mbps

450 Mbps

650 Mbps

1.2 Gbps

Maximum Firewall Connections

10,000 /
25,000

50,000 /
130,000

280,000

400,000

650,000

Maximum Firewall Connections/Second

4000

9000

12,000

25,000

36,000

Packets Per Second (64 byte)

85,000

190,000

320,000

500,000

600,000

Maximum 3DES/AES VPN Throughput

100 Mbps

170 Mbps

225 Mbps

325 Mbps

425 Mbps

Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions

10 /25

250

750

5000

5000

Maximum AnyConnect or Clientless VPN User Sessions

25

250

750

2500

5000

Bundled SSL VPN User Session

2

2

2

2

2

Technical Summary

 

Memory

512 MB

1 GB

2 GB

2 GB

4 GB

Minimum System Flash

128 MB

256 MB

256 MB

256 MB

256 MB

Integrated Ports

8 port 10/100 switch with 2 Power over Ethernet (PoE) ports

5-10/100  /
2-10/100/1000, 3-10/100
+4-10/100/1000, 4 SFP (with 4GE SSM)

4-10/100/1000,
1-10/100
+4-10/100/1000, 4 SFP (with 4GE SSM)

4-10/100/1000,
1-10/100
+4-10/100/1000, 4 SFP (with 4GE SSM)

8-10/100/1000,
4-SFP, 1-10/100

Maximum Virtual Interfaces (VLANs)

3 (trunking disabled) /
20 (trunking enabled)

50 / 100

150

200

400

Expansion Capabilities

 

SSC/SSM/ICs Expansion

1-SSC

1-SSM

1-SSM

1-SSM

Not available

SSC/SSM/ICs Supported

AIP, SSC

CSC SSM, AIP SSM, 4GE SSM

CSC SSM, AIP SSM, 4GE SSM

CSC SSM, AIP SSM, 4GE SSM

Not available

Intrusion Prevention

Yes (with AIP SSC)

Yes (with AIP SSM)

Yes (with AIP SSM)

Yes (with AIP SSM)

Not available

Concurrent Threat Mitigation Throughput (Mbps) (Firewall + IPS Services)

75 (with AIP SSC-5)

150 (with AIP SSM-10)
300 (with AIP SSM-20)

225 (with AIP SSM-10)
375 (with AIP SSM-20)
450 (with AIP SSM-40)

500 (wth AIP SSM-20)
650 (with AIP SSM-40)

Not available

Content Security (Anti-virus, Anti-Spyware, File Blocking)

Not available

Yes (with CSC SSM)

Yes (with CSC SSM)

Yes (with CSC SSM)

Not available

Maximum Number of Users for Anti-virus, Anti-spyware, File Blocking (CSC SSM only)

Not available

500 (CSC-SSM-10)
1000 (CSC-SSM-20)

500 (CSC-SSM-10)
1000 (CSC-SSM-20)

500 (CSC-SSM-10)
1000 (CSC-SSM-20)

Not available

Content Security Plus License features

Not available

Anti-spam, anti-phishing, URL filtering

Anti-spam, anti-phishing, URL filtering

Anti-spam, anti-phishing, URL filtering

Not available

Features

 

Cisco Adaptive Security Appliance Software Version (latest)

8.4

8.4

8.4

8.4

8.4

Application-layer Firewall Services

Yes

Yes

Yes

Yes

Yes

Layer 2 Transparent Firewalling

Yes

Yes

Yes

Yes

Yes

Security Contexts (included/maximum)1

0/0

0/0 / 
2/5

2/20

2/50

2/100

GTP/GPRS Inspection1

Not available

Not available

Yes

Yes

Yes

High-availability Support2

Not supported
Stateless A/S

Not supported
A/A and A/S

A/A and A/S

A/A and A/S

A/A and A/S

SSL and IPsec VPN Services

Yes

Yes

Yes

Yes

Yes

VPN Clustering and Load Balancing

Not available

Not available /
Yes

Yes

Yes

Yes

 

 

 

If you found the above information useful please rate this site by clicking on the respective icons bellow and help us keep this site alive

 

linked-in  

Share The Link And Enjoy Thanks !