Cisco ASA5585-S20-K8 firewall (hardware)
Contents
1. ASA SSP 40 K8 Cisco ASA 5585 X Security Services Processor 60 SSP 60 ASA SSP 60 K8 Cisco ASA 5585 X IPS Security Services Processor 10 SSP 10 ASA SSP IPS10 K9 Cisco ASA 5585 X IPS Security Services Processor 20 SSP 20 ASA SSP IPS20 K9 Cisco ASA 5585 X IPS Security Services Processor 40 SSP 40 ASA SSP IPS40 K9 Cisco ASA 5585 X IPS Security Services Processor 60 SSP 60 ASA SSP IPS60 K9 Cisco ASA 5500 Series Software Cisco ASA Software one time upgrade for nonsupport customers ASA SW UPGRADE Cisco ASA 5500 Series Accessories Cisco ASA 5500 Series compact flash 256 MB ASA5500 CF 256MB Cisco ASA 5500 Series compact flash 512 MB ASA5500 CF 512MB Cisco ASA 180W AC power supply ASA 180W PWR AC Gigabit Ethernet optical SFP connector 1000BASE SX short wavelength transceiver GLC SX MM Gigabit Ethernet optical SFP connector 1000BASE LX LH long wavelength long haul transceiver GLC LH SM Cisco ASA 5580 Spare AC Power Supply ASA5580 PWR AC 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 22 of 22 Data Sheet a Product Name Part Number Cisco ASA 5580 Spare Rail Kit ASA5580 RAILS To Download the Software Visit the Cisco Software Center to download Cisco ASA Software Service and Support Cisco services help you protect your netw2. Ethernet Ports aD wart A P ne gt a ADF A d a eee a g jui Integrated 10 100 1000 Ports 4 0 0 Integrated 1000BASE SX 0 4 with integrated short range optics 0 Ports LC connector Integrated fiber 10 Gigabit 0 0 2 with integrated short range optics LC connector 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 18 of 22 Data Sheet oT Feature Cisco ASA 5580 4 Port Gigabit Ethernet Copper Cisco ASA 5580 4 Port Gigabit Ethernet Fiber Cisco ASA 5580 2 Port 10Gigabit Ethernet Fiber Wiring Support Category 5 unshielded twisted pair UTP 4 pair Multimode fiber 62 5 um or 50 um Multimode fiber 62 5 um or 50 um Power Consumption 4 95W 3 3V 1 5A 4 95W 3 3V 1 5A 14W 12V 1 17A Physical Specifications Weight Approximately 1 Ib Approximately 1 Ib Approximately 1 Ib Ordering Information To place an order visit the Cisco Ordering Home Page Table 15 provides ordering information for the Cisco ASA 5500 Series Table 15 Ordering Information Product Name Part Number Cisco ASA 5500 Series Firewall Edition Bundles Cisco ASA 5505 10 User Bundle includes 8 port Fast Ethernet switch 10 IPsec VPN peers 2 Premium VPN peers Triple Data Encryption Standard Advanced Encryption Standard 3DES AES license ASA5505 BUN K9 Cisco ASA 5505 10 Use
3. The Cisco ASA 5500 Series CSC SSM delivers industry leading threat protection and content control at the Internet edge providing comprehensive antivirus antispyware file blocking antispam antiphishing URL blocking and filtering and content filtering services in an easy to manage solution The CSC SSM bolsters the Cisco ASA 5500 Series strong security capabilities providing customers with additional protection and control over the content of their business communications The module provides additional flexibility and choice over the functioning and 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 16 of 22 Data Sheet deployment of Cisco ASA 5500 Series appliances Licensing options enable organizations to customize the features and capabilities to each group s needs with features that include advanced content services and increased user capacity The CSC SSM ships with a default feature set that provides antivirus antispyware and file blocking services A Plus license is available for each CSC SSM at an additional charge delivering capabilities such as antispam antiphishing URL blocking and filtering and content control services Businesses can extend the user capacity of the CSC SSM by purchasing and installing additional user licenses A detailed listing of these options is shown in Table 12 and in the CSC SSM data sheet Table 12 Characteristics of Cisco ASA 5500 Series
4. 2 port 10 Gigabit Gigabit Ethernet Ethernet fiber SR LC fiber SR LC Virtual Interfaces VLANs 1024 1024 1024 1024 1024 1024 Security Contexts Up to 250 Up to 250 Up to 100 Up to 250 Up to 250 Up to 250 High Availability Active Active Active Active Active Active Active Active Active Active Active Active and and and and and and Active Standby Active Standby Active Standby Active Standby Active Standby Active Standby Redundant Power Supported Supported Supported Supported Supported Supported second power second power second power second power second power supply optional supply optional supply optional supply supply Interface Expansion 6 interface 6 interface N A N A N A N A expansion card expansion card slots slots USB 2 0 Ports 2 2 2 2 2 2 Max throughput measured under ideal test conditions VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns These elements should be taken in to consideration as part of your capacity planning Separately licensed feature includes two SSL licenses with base system Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 13 of 22 Data Sheet a Feature Cisco ASA Cisco ASA Cisco ASA 5585 Cisco ASA 5585 Cisco ASA 5585 Cisco ASA 5585 5580 20 5580 40 X with SSP 10 X
5. 13 to 158 F 25 to 70 C Relative humidity 5 to 95 percent noncondensing 5 to 95 percent noncondensing Altitude 0 to 15 000 ft 4570 m 0 to 15 000 ft 4570 m Shock 30G 30G Vibration 0 41 Grms2 3 to 500 0 41 Grms2 3 to 500 Hz random input Hz random input Power Input per Power Supply Range line voltage 100 to 240 VAC 100 to 240 VAC Normal line voltage 100 to 240 VAC 100 to 240 VAC Current 1 8A 3A Frequency 50 60 Hz 47 63 Hz single phase Output Steady state 20W 150W Maximum peak 96W 190W Maximum heat dissipation 72 BTU hr 648 BTU hr Physical Specifications Form Factor Desktop 1 RU 19 in rack mountable Dimensions H x W x D 1 75 x 7 89 x 6 87 in 4 45 x 20 04 x 17 45 cm 1 75 x 17 5 x 14 25 in 4 45 x 20 04 x 36 20 cm Weight with Power Supply 4 0 Ib 1 8 kg 20 0 Ib 9 07 kg 22 0 Ib 10 kg Regulatory and Standards Compliance Safety UL 60950 CSA C22 2 No 60950 EN 60950 IEC 60950 AS NZS60950 Electromagnetic Compatibility EMC CE marking FCC Part 15 Class B AS NZS CISPR22 Class B VCCI Class B EN55022 Class B CISPR22 Class B EN61000 3 2 EN61000 3 3 CE marking FCC Part 15 Class A AS NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000 3 2 EN61000 3 3 Industry Certifications FIPS 140 2 Level 2 In process Common Criteria EAL4 US DoD Application
6. 30 000 ft 9144 m Power Input per Power Supply Range line voltage 100 to 240 VAC 100 to 240 VAC Normal line voltage 100 to 240 VAC 100 to 240 VAC Max Current 12A 9A 100 VAC 4 5A 200 VAC Frequency 50 60 Hz 50 to 60 Hz Output from Power Supply Steady state 800W 320W 1 SSP only 670W 1 SSP and 1 IPS SSP Maximum peak 800W 370W 1 SSP only 770W 1 SSP and 1 IPS SSP Maximum heat dissipation 4070 BTU hr 3960 BTU hr 100 VAC 5450 BTU hr 200 VAC Physical Specifications Form Factor 4 RU 19 in rack mountable 2 RU 19 in rack mountable Dimensions H x W x D 6 94 x 19 x 26 5 in 17 6 x 48 3 x 67 3 cm 3 47 x 19 x 26 5 in 8 8x 48 3 x 67 3 cm Weight 66 Ib 29 9 kg with single power supply 50 Ibs 22 7 kg with 1 SSP and single power supply 62 Ibs 28 2 kg with SSP and IPS SSP and dual power supplies Regulatory and Standards Safety UL 60950 CSA C22 2 No 60950 EN 60950 IEC 60950 AS NZS60950 UL 60950 1 CAN CSA C22 2 No 60950 1 EN 60950 1 IEC 60950 1 AS NZS 60950 1GB4943 Electromagnetic Compatibility EMC CE marking FCC Part 15 Class A AS NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000 3 2 EN61000 3 3 47CFR Part 15 CFR 47 Class A AS NZS CISPR22 Class A CISPR2 2 Class A EN55022 Class A ICES003 Class A VCCI Class A EN61000 3 2 EN61000 3 3 KN22 Class A CNS
7. AIP SSM 10 AIP SSM 20 AIP SSM 40 Concurrent Threat Mitigation Throughput Firewall IPS Services e 75 Mbps with Cisco ASA 5505 e 150 Mbps with Cisco ASA 5510 e 225 Mbps with Cisco ASA 5520 300 Mbps with Cisco ASA 5510 e 375 Mbps with Cisco ASA 5520 500 Mbps with Cisco ASA 5540 450 Mbps with Cisco ASA 5520 e 650 Mbps with Cisco ASA 5540 Technical Specifications Memory 512 MB 1 GB 2 GB 4GB Flash 512 MB 256 MB 256 MB 2 GB Environmental Operating Ranges Operating Temperature 32 to 104 F 0 to 40 C Relative humidity 5 to 95 percent noncondensing 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 15 of 22 Data Sheet a Feature Cisco ASA 5500 Series AIP SSC 5 Cisco ASA 5500 Series AIP SSM 10 Cisco ASA 5500 Series AIP SSM 20 Cisco ASA 5500 Series AIP SSM 40 Nonoperating Temperature 13 to 158 F 25 to 70 C Power consumption 30W maximum 90W maximum Physical Specifications Dimensions H x W x D 0 68 X 3 55 X 5 2 In 1 73 X 1 70 x 6 80 x 12 25 in 4 32 x 17 27 x 31 12 cm 9 02 X 13 21 cm Weight with Power Supply 0 42 Ib 0 19 kg 3 00 Ib 1 36 kg Regulatory and Standards Compliance Safety UL 60950 CSA C22 2 No 60950 EN 60950 IEC 60950 AS NZS60950 Elect
8. ASA 5580 20 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5580 20 8GE K9 Cisco ASA 5580 40 Firewall Edition includes 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers DES license ASA5580 40 BUN K8 Cisco ASA 5580 40 Firewall Edition includes 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5580 40 BUN K9 Cisco ASA 5580 40 Firewall Edition 8 Gigabit Ethernet Bundle includes 8 Gigabit Ethernet interfaces 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5580 40 8GE K9 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 19 of 22 Data Sheet a Product Name Part Number Cisco ASA 5580 40 Firewall Edition 4 10 Gigabit Ethernet Bundle includes 4 10 Gigabit Ethernet interfaces 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5580 40 10GE K9 Cisco ASA 5585 X Firewall Edition SSP 10 bundle includes 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers DES license ASA5585 S10 K8 Cisco ASA 5585 X Firewall Edition SSP 10 bundle inclu
9. Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers remote sites and business partners Up to 250 AnyConnect and or clientless VPN peers can be supported on each Cisco ASA 5510 by installing an Essential or a Premium AnyConnect VPN license up to 250 IPsec VPN peers are supported on the base platform VPN capacity and resiliency can also be increased by taking advantage of the Cisco ASA 5510 s integrated VPN clustering and load balancing capabilities available with a Security Plus license The Cisco ASA 5510 supports up to 10 appliances in a cluster offering a maximum of 2500 AnyConnect and or clientless VPN peers or 2500 IPsec VPN peers per cluster For business continuity and event planning the Cisco ASA 5510 can also benefit from the Cisco VPN FLEX licenses which enable administrators to react to or plan for short term bursts of concurrent Premium VPN remote access users for up to a 2 month period Table 2 lists features of the Cisco ASA 5510 Table 2 Cisco ASA 5510 Adaptive Security Appliance Platform Capabilities and Capacities Feature Description Firewall Throughput Up to 300 Mbps Maximum Firewall and IPS Throughput e Up to 150 Mbps with AIP SSM 10 Up to 300 Mbps with AIP SSM 20 VPN Throughput Up to 170 Mbps Concurrent Sessions 50 000 130 000 IPsec VPN Peers 250 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 or 250 Sec
10. CSC SSMs Feature Cisco ASA 5500 Series CSC SSM 10 Cisco ASA 5500 Series CSC SSM 20 Supported Platforms e Cisco ASA 5510 e Cisco ASA 5510 e Cisco ASA 5520 e Cisco ASA 5520 e Cisco ASA 5540 Standard and Optional Features Standard User License 50 users 500 users Standard Feature Set Antivirus antispyware file blocking Optional User Upgrades 100 users e 750 users Total Users 250 users 1000 users 500 users Optional Feature Upgrades Plus License Adds antispam antiphishing URL blocking and filtering and content control Technical Specifications Memory 1GB 2 GB System Flash 256 MB 256 MB Environmental Operating Ranges Operating Temperature 32 to 104 F 0 to 40 C Relative Humidity 10 to 90 percent noncondensing Nonoperating Temperature 13 to 158 F 25 to 70 C Power consumption 90W maximum Physical Specifications Dimensions H x W x D 1 70 x 6 80 x 12 25 in 4 32 x 17 27 x 31 12 cm Weight with Power Supply 3 00 Ib 1 36 kg Regulatory and Standards Compliance Safety UL 60950 CSA C22 2 No 60950 EN 60950 IEC 60950 AS NZS60950 Electromagnetic CE marking FCC Part 15 Class A AS NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A Compatibility EMC EN61000 3 2 EN61000 3 3 Cisco ASA 5500 Series 4 Port Gigabit Ethernet Module The Cisco ASA 5500 Series 4 Port Gigabit Etherne
11. and services scalability The advanced network and application layer security services and content security defenses provided by the Cisco ASA 5540 Adaptive Security Appliance can be extended by deploying the AIP SSM for high performance intrusion prevention and worm mitigation Businesses can scale their SSL and IPsec VPN capacity to support a larger number of mobile workers remote sites and business partners Up to 2500 AnyConnect and or clientless VPN peers can be supported on each Cisco ASA 5540 by installing an Essential or a Premium AnyConnect VPN license 5000 IPsec VPN peers are supported on the Separately licensed feature includes two with base system Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 5 of 22 Data Sheet a base platform VPN capacity and resiliency can also be increased by taking advantage of the integrated VPN clustering and load balancing capabilities of the Cisco ASA 5540 The Cisco ASA 5540 supports up to 10 appliances in acluster supporting a maximum of 25 000 AnyConnect and or clientless VPN peers or 50 000 IPsec VPN peers per cluster For business continuity and event planning the ASA 5540 can also benefit from the Cisco VPN FLEX licenses which enable administrators to react to or plan for short term bursts of concurrent Premium VPN remote access users for up to a 2 month period Using the optional security
12. context capabilities of the Cisco ASA 5540 Adaptive Security Appliance businesses can deploy up to 50 virtual firewalls within an appliance to enable compartmentalized control of security policies on a per department or per customer basis and deliver reduced overall management and support costs Table 4 lists features of the Cisco ASA 5540 Table 4 Cisco ASA 5540 Adaptive Security Appliance Platform Capabilities and Capacities Feature Description Firewall Throughput Up to 650 Mbps Maximum Firewall and IPS Throughput Up to 500 Mbps with AIP SSM 20 Up to 650 Mbps with AIP SSM 40 VPN Throughput Up to 325 Mbps Concurrent Sessions 400 000 IPsec VPN Peers 5000 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 250 500 750 1000 and 2500 Security Contexts Up to 50 Interfaces 4 Gigabit Ethernet ports and 1 Fast Ethernet port Virtual Interfaces VLANs 200 Scalability VPN clustering and load balancing High Availability Active Active Active Standby Performance numbers tested and validated with Cisco ASA Software Release 7 2 Cisco ASA 5550 Adaptive Security Appliance The Cisco ASA 5550 Adaptive Security Appliance delivers gigabit class security services with Active Active or Active Standby high availability and fiber and Gigabit Ethernet connectivity for large enterprise and service provider networks in a reliable 1 rack unit form factor Using its eight Gigabit Ethernet i
13. network defenses to new threats as they arise All Cisco ASA 5500 Series appliances offer both IPsec and SSL DTLS VPN solutions Clientless and AnyConnect VPN features are licensed at various price points on a per seat and per feature basis By converging SSL and IPsec VPN services with comprehensive threat defense technologies the Cisco ASA 5500 Series provides highly customizable granular network access tailored to meet the requirements of diverse deployment environments while providing advanced endpoint and network level security Cisco ASA 5505 Adaptive Security Appliance The Cisco ASA 5505 Adaptive Security Appliance is a next generation full featured security appliance for small business branch office and enterprise teleworker environments The Cisco ASA 5505 delivers high performance firewall SSL and IPsec VPN and rich networking services in a modular plug and play appliance Using the integrated Cisco ASDM the Cisco ASA 5505 can be rapidly deployed and easily managed enabling businesses to minimize operations costs The Cisco ASA 5505 features a flexible 8 port 10 100 Fast Ethernet switch whose ports can be dynamically grouped to create up to three separate VLANs for home business and Internet traffic for improved network segmentation and security The Cisco ASA 5505 provides two Power over Ethernet PoE ports simplifying the deployment of Cisco IP phones with zero touch secure voice over IP VoIP capabilities as well as the
14. up to twice the connections per second and up to four times the session count of other firewalls at a similar throughput The appliances also provide twice the efficacy and the most comprehensive threat coverage of any IPS 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 9 of 22 Table 7 lists features of the Cisco ASA 5585 X appliances Data Sheet a Table 7 Cisco ASA 5585 X Adaptive Security Appliance Platform Capabilities and Capacities Feature ASA 5585 X with SSP 10 ASA 5585 X with SSP 20 ASA 5585 X with SSP 40 ASA 5585 X with SSP 60 Maximum Firewall 4 Gbps 10 Gbps 20 Gbps 40 Gbps Throughput max Maximum Firewall 3 Gbps 7 Gbps 12 Gbps 20 Gbps Throughput muti protocol Maximum Firewall and IPS Throughput 2 Gbps with IPS SSP 10 3 Gbps with IPS SSP 20 5 Gbps with IPS SSP 40 10 Gbps with IPS SSP 60 Maximum VPN 1 Gbps 2 Gbps 3 Gbps 5 Gbps Throughput Concurrent Sessions 1 000 000 2 000 000 4 000 000 10 000 000 IPsec VPN Peers Up to 5 000 Up to 10 000 Up to 10 000 Up to 10 000 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 250 500 750 1000 2500 and 5000 2 10 25 50 100 250 500 750 1000 2500 5000 and 10 000 2 10 25 50 100 250 500 750 1000 2500 5000 and 10 000 2 10 25 50 100 250 500 750 1000 2500 5000 and 10 000 Security Contexts Up to 100 Up to 250 U
15. with SSP 20 X with SSP 40 X with SSP 60 Serial Ports 1 RJ 45 console 1 RJ 45 console 1 RJ 45 console 1 RJ 45 console 1 RJ 45 console 1 RJ 45 console and auxiliary and auxiliary and auxiliary and auxiliary Rack Mountable Yes rails Yes rails Yes rack mounts Yes rack mounts Yes rack mounts Yes rack mounts included included included included included included Technical Specifications Memory 8 GB 12 GB 6 GB SSP 10 12 GB SSP 20 12 GB SSP 40 24 GB SSP 60 12 GB SSP 10 24 GB SSP 20 36 GB SSP 40 72 GB SSP 60 and IPS SSP 10 and IPS SSP 20 and IPS SSP 40 and IPS SSP 60 Minimum System Flash 1 GB 1 GB 2 GB SSP 10 2 GB SSP 20 2 GB SSP 40 2 GB SSP 60 4 GB SSP 10 and IPS SSP 10 4 GB SSP 20 and IPS SSP 20 4 GB SSP 40 and IPS SSP 40 4 GB SSP 60 and IPS SSP 60 Environmental Operating Ranges Operating Operating temperature 50 to 95F 10 to 350 32 to 104F 0 to 40C Relative humidity 10 to 90 percent noncondensing 10 to 90 percent noncondensing Altitude Designed and tested for 0 to 10 000 Designed and tested for 0 to 10 000 ft 3050 m ft 3050 m Agency approved for 2000 m Noise 55 dBa max 65 dBa max Nonoperating Temperature 22 to 140F 30 to 60 40 to 158 F 40 to 70 Relative humidity 5 to 95 percent noncondensing 5 to 95 percent noncondensing Altitude 0 to 30 000 ft 9144 m 0 to
16. 0 SSL IPsec VPN Edition includes 5000 IPsec VPN peers 2500 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5550 SSL2500 K9 Cisco ASA 5550 SSL IPsec VPN Edition includes 5000 IPsec VPN peers 5000 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5550 SSL5000 K9 Cisco ASA 5580 SSL IPsec VPN Edition includes 10 000 IPsec VPN peers 10 000 Premium VPN peers firewall services 4 Gigabit Ethernet interfaces 2 management interfaces dual AC power 3DES AES license ASA5580 20 10K K9 Cisco ASA 5585 X SSL IPsec VPN Edition SSP 10 Bundle includes 5000 IPsec VPN peers 5000 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 2 management interfaces 3DES AES license ASA5585 S10 5K K9 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 21 of 22 Data Sheet Product Name Part Number Cisco ASA 5585 X SSL IPsec VPN Edition SSP 20 Bundle includes 10 000 IPsec VPN peers 10 000 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 2 management interfaces 3DES AES license ASA5585S820 10K K9 Cisco ASA 5585 X SSL IPsec VPN Edition SSP 40 Bundle includes 10 000 IPsec VPN peers 10 000 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 2 management interfaces 3DES AES license ASA5585S40 10K K9 Cis
17. 13438 Class A EN50082 1 EN55024 CISPR24 EN300386 KN 61000 4 Series 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 14 of 22 Data Sheet a Security Services Processors Modules and Cards The Cisco ASA 5500 Series brings a new level of integrated security performance to networks with its highly effective IPS services and multiprocessor hardware architecture This architecture allows businesses to adapt and extend the high performance security services profile of the Cisco ASA 5500 Series Customers can add additional high performance services using security services modules with dedicated security co processors and can custom tailor flow specific policies using a highly flexible policy framework This adaptable architecture enables businesses to deploy new security services when and where they are needed such as adding the broad range of intrusion prevention and advanced anti worm services delivered by the IPS modules via IPS SSP AIP SSM and AIP SSC or the comprehensive malware protection and content security services enabled by the CSC SSM Further the architecture allows Cisco to introduce new services to address new threats giving businesses outstanding investment protection for the Cisco ASA 5500 Series Cisco ASA 5500 Series IPS Modules The Cisco ASA 5500 Series IPS SSP AIP SSM and AIP SSC are inline network based solutions that accurately identify classi
18. 25 IPsec VPN peers 2 Premium VPN peers DMZ support stateless Active Standby high availability 3DES AES license ASA5505 U AIP5P K9 Cisco ASA 5510 IPS Edition includes AIP SSM 10 firewall services 250 IPsec VPN peers 2 Premium VPN peers 5 Fast Ethernet interfaces ASA5510 AIP10 K9 Cisco ASA 5510 Adaptive Security Appliance with Security Plus License and AIP SSM 10 chassis software 2 Gigabit Ethernet interfaces 3 Fast Ethernet interfaces 250 IPsec VPN peers 2 Premium VPN peers Active Active high availability 3DES AES ASA5510 AIP10SP K9 Cisco ASA 5510 Adaptive Security Appliance with Security Plus License and AIP SSM 20 chassis software 2 Gigabit Ethernet interfaces 3 Fast Ethernet interfaces 250 IPsec VPN peers 2 Premium VPN peers Active Active high availability 3DES AES ASA5510 AIP20SP K9 Cisco ASA 5520 IPS Edition includes AIP SSM 10 firewall services 750 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5520 AIP10 K9 Cisco ASA 5520 IPS Edition includes AIP SSM 20 firewall services 750 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5520 AIP20 K9 Cisco ASA 5520 IPS Edition includes AIP SSM 40 firewall services 750 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5520 AIP40 K9 Cisco ASA 5540 IPS Edition includes AIP SSM 20 firewal
19. A5520 CSC20 K9 Cisco ASA 5500 Series SSL IPsec VPN Edition Bundles Cisco ASA 5505 SSL IPsec VPN Edition includes 10 IPsec VPN peers 10 Premium VPN peers 50 firewall users 8 port Fast Ethernet switch ASA5505 SSL10 K9 Cisco ASA 5505 SSL IPsec VPN Edition includes 25 IPsec VPN peers 25 Premium VPN peers 50 firewall users 8 port Fast Ethernet switch ASA5505 SSL25 K9 Cisco ASA 5510 SSL IPsec VPN Edition includes 250 IPsec VPN peers 50 Premium VPN peers firewall services 3 Fast Ethernet interfaces ASA5510 SSL50 K9 Cisco ASA 5510 SSL IPsec VPN Edition includes 250 IPsec VPN peers 100 Premium VPN 100 peers firewall services 3 Fast Ethernet interfaces ASA5510 SSL100 K9 Cisco ASA 5510 SSL IPsec VPN Edition includes 250 IPsec VPN peers 250 Premium VPN peers firewall services 3 Fast Ethernet interfaces ASA5510 SSL250 K9 Cisco ASA 5520 SSL IPsec VPN Edition includes 750 IPsec VPN peers 500 Premium VPN peers firewall services 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5520 SSL500 K9 Cisco ASA 5540 SSL IPsec VPN Edition includes 5000 IPsec VPN peers 1000 Premium VPN peers firewall services 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5540 SSL1000 K9 Cisco ASA 5540 SSL IPsec VPN Edition includes 5000 IPsec VPN peers 2500 Premium VPN peers firewall services 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5540 SSL2500 K9 Cisco ASA 555
20. ASA5585 S40 K8 Cisco ASA 5585 X Firewall Edition SSP 40 bundle includes 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5585 S40 K9 Cisco ASA 5585 X Firewall Edition SSP 40 bundle includes 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S40 2A K9 Cisco ASA 5585 X Firewall Edition SSP 60 bundle includes 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S60 2A K8 Cisco ASA 5585 X Firewall Edition SSP 60 bundle includes 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S60 2A K9 Cisco ASA 5500 Series IPS Edition Bundles Cisco ASA 5505 50 User Adaptive Security Appliance with AIP SSC 5 chassis software 8 Fast Ethernet interfaces 10 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5505 50 AIP5 K9 Cisco ASA 5505 Unlimited User Adaptive Security Appliance with Security Plus License and AIP SSC 5 chassis software 8 Fast Ethernet interfaces
21. Afafe CISCO Data Sheet Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA 5500 Series Adaptive Security Appliances deliver a robust suite of highly integrated market leading security services for small and medium sized businesses SMBs enterprises service providers and mission critical data centers in addition to providing unprecedented services flexibility modular scalability feature extensibility and lower deployment and operations costs A key component of the Cisco Secure Borderless Network the Cisco ASA 5500 Series Adaptive Security Appliances deliver superior scalability a broad span of technology and solutions and effective always on security designed to meet the needs of a wide array of deployments By integrating the world s most proven firewall a comprehensive highly effective intrusion prevention system IPS with Cisco Global Correlation and guaranteed coverage high performance VPN and always on remote access the Cisco ASA 5500 Series helps organizations provide secure high performance connectivity and protects critical assets for maximum productivity Figure 1 The Cisco ASA 5500 Series Adaptive Security Appliances The Cisco ASA 5500 Series helps businesses increase effectiveness and efficiency in protecting their networks and applications while delivering exceptional investment protection through the following elements e Market proven security capabilities The Cisco ASA 5500 Series integra
22. AnyConnect VPN 2 25 2 250 2 750 2 2500 2 5000 Peers Included Maximum Concurrent Connections 10 000 25 000 50 000 130 000 280 000 400 000 650 000 New Connections Second 4000 9000 12 000 25 000 36 000 Integrated Network Ports 8 port Fast Ethernet 5 Fast Ethernet ports 4 Gigabit Ethernet 4 Gigabit Ethernet 8 Gigabit Ethernet switch including 2 PoE ports 2 Gigabit Ethernet 3 Fast Ethernet ports 1 Fast Ethernet 1 Fast Ethernet 4 SFP Fiber 1 Fast Ethernet Virtual Interfaces VLANs 3 no trunking 50 100 150 200 400 support 20 with _ trunking support Security Contexts 0 0 0 0 Base 2 5 2 20 2 50 2 50 Included Maximum Security Plus High Availability Not supported Not supported Active Active and Active Active and Active Active and stateless Active Active and Active Standby Active Standby Active Standby Active Standby and _ Active Standby redundant ISP support Expansion Slot 1 SSC 1 SSM 1 SSM 1 SSM 0 User Accessible Flash Slot 0 1 1 1 1 USB 2 0 Ports 3 1 on front 2 on rear 2 2 2 2 Serial Ports 1 RJ 45 console 2 RJ 45 console and 2 RJ 45 console and 2 RJ 45 console and 2 RJ 45 console and auxiliary auxiliary auxiliary auxiliary Rack Mountable Yes with rack mount kit Yes Yes Yes Yes available in the future Wall Mountable Yes with wall mount kit Not available Not available Not available Not available available in the future
23. Europe Headquarters Cisco Systems Inc Cisco Systems USA Pte Ltd Cisco Systems International BV Amsterdam San Jose CA Singapore The Netherlands Cisco has more than 200 offices worldwide Addresses phone numbers and fax numbers are listed on the Cisco Website at www cisco com go offices Cisco and the Cisco Logo are trademarks of Cisco Systems Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R Printed in USA C78 345385 18 04 11 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 23 of 22
24. Level Firewall for Medium Robustness Environments and Common Criteria EAL4 for IPsec SSL VPN FIPS 140 2 Level 2 In process Common Criteria EAL4 US DoD Application Level Firewall for Medium Robustness Environments and Common Criteria EAL4 for IPsec SSL VPN Common Criteria EAL4 US DoD Application Level Firewall for Medium Robustness Environments Common Criteria EAL2 for IPS on AIP SSM 10 and 20 FIPS 140 2 Level 2 and NEBS Level 3 In process Common Criteria EAL4 US DoD Application Level Firewall for Medium Robustness Environments and Common Criteria EAL4 for IPsec SSL VPN 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 12 of 22 Data Sheet a Table 9 Characteristics of Cisco ASA 5580 and 5585 X Adaptive Security Appliances Feature Cisco ASA Cisco ASA Cisco ASA 5585 Cisco ASA 5585 Cisco ASA 5585 Cisco ASA 5585 5580 20 5580 40 X with SSP 10 X with SSP 20 X with SSP 40 X with SSP 60 Users Nodes Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Firewall Throughput 10 Gbps Max 20 Gbps Max 4 Gbps Max 10 Gbps Max 20 Gbps Max 40 Gbps Max 5 Gbps Real 10 Gbps Real 3 Gbps Multi 7 Gbps Multi 12 Gbps Multi 20 Gbps Multi world HTTP world HTTP protocol protocol protocol protocol 3DES AES VPN Throug
25. N services and five integrated 10 100 Fast Ethernet interfaces It optionally provides high performance intrusion prevention and worm mitigation services through the AIP SSM or comprehensive malware protection services through the CSC SSM This unique combination of services on a single platform makes the Cisco ASA 5510 an excellent choice for businesses requiring a cost effective extensible DMZ enabled security solution As business needs grow customers can install a Security Plus license upgrading two of the Cisco ASA 5510 Adaptive Security Appliance interfaces to Gigabit Ethernet and enabling integration into switched network environments through VLAN support This upgrade license maximizes business continuity by enabling Active Active and Active Standby high availability services Using the optional security context capabilities of the Cisco ASA 5510 Adaptive Security Appliance businesses can deploy up to five virtual firewalls within an appliance to enable _ Upgrade available with Cisco ASA 5505 Security Plus license Separately licensed feature includes two with the base system 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 3 of 22 Data Sheet a compartmentalized control of security policies on a departmental level This virtualization strengthens security and reduces overall management and support costs while consolidating multiple security devices into a single appliance
26. Security Lock Slot for Yes Not available Not available Not available Not available Physical Security Technical Specifications Memory 512 MB 1GB 2 GB 2GB 4GB Minimum System Flash 128 MB 256 MB 256 MB 256 MB 256 MB System Bus Multibus architecture Multibus architecture Multibus architecture Multibus architecture Multibus architecture Environmental Operating Ranges Operating Temperature 32 to 104 F 0 to 40 C Relative humidity 5 to 95 percent noncondensing Altitude Designed and tested for 0 to 9840 ft 3000 m Agency approved for 2000 m Shock 1 14 m sec 45 in sec 1 14 m sec 45 in sec 1 2 sine input Ya sine input Vibration 0 41 Grms2 3 to 500 0 41 Grms2 3 to 500 Hz random input Hz random input Acoustic noise 0 dBa max 60 dBa max Separately licensed feature includes two SSL licenses with base system Available for the firewall feature set VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns These elements should be taken in to consideration as part of your capacity planning 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 11 of 22 Data Sheet a Feature Cisco ASA 5505 Cisco ASA 5510 Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550 Nonoperating Temperature 13 to 158 F 25 to 70 C
27. VPN peers can be supported on each Cisco ASA 5580 by installing an Essential or a Premium AnyConnect VPN license 10 000 IPsec VPN peers are supported on the base platform Cisco ASA 5580 Adaptive Security Appliances can also be clustered to improve reliability and scalability with support for up to 100 000 AnyConnect and or clientless or IPsec remote access clients when deploying 10 appliances in a cluster For business continuity and event planning the ASA 5580 can also benefit Separately licensed feature includes two with base system Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 7 of 22 Data Sheet a from the Cisco VPN FLEX licenses which enable administrators to react to or plan for short term bursts of concurrent Premium VPN remote access users for up to a 2 month period Additional features including security virtualization through the use of security contexts and VLANs increase service velocity while reducing operational and administrative overhead Table 6 lists features of the Cisco ASA 5580 20 and 5580 40 Table 6 Cisco ASA 5580 Adaptive Security Appliance Platform Capabilities and Capacities Feature ASA 5580 20 ASA 5580 40 Maximum Firewall Throughput 5 Gbps real world HTTP 10 Gbps max 10 Gbps real world HTTP 20 Gbps max Maximum VPN Throughput 1 Gbps 1 Gbps Concurrent Ses
28. able with Cisco ASA 5510 Security Plus license Separately licensed feature includes two with the base system Separately licensed feature includes two with the Cisco ASA 5510 Security Plus license Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 4 of 22 Data Sheet a cluster offering a maximum of 7500 AnyConnect and or clientless VPN peers or 7500 IPsec VPN peers per cluster For business continuity and event planning the Cisco ASA 5520 can also benefit from the Cisco VPN FLEX licenses which enable administrators to react to or plan for short term bursts of concurrent Premium VPN remote access users for up to a 2 month period The advanced application layer security and content security defenses provided by the Cisco ASA 5520 can be extended by deploying the high performance intrusion prevention and worm mitigation capabilities of the AIP SSM or the comprehensive malware protection of the CSC SSM Using the optional security context capabilities of the Cisco ASA 5520 Adaptive Security Appliance businesses can deploy up to 20 virtual firewalls within an appliance to enable compartmentalized control of security policies on a departmental level This virtualization strengthens security and reduces overall management and support costs while consolidating multiple security devices into a single appliance Table 3 lists features of t
29. aces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers DES license ASA5585 S20P20 K8 Cisco ASA 5585 X IPS Edition SSP 20 IPS SSP 20 bundle includes firewall services 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5585 S20P20 K9 Cisco ASA 5585 X Security Plus IPS Edition SSP 20 IPS SSP 20 bundle includes firewall services 8 Gigabit Ethernet interfaces 2 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S20P20XK9 Cisco ASA 5585 X IPS Edition SSP 40 IPS SSP 40 bundle includes firewall services 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power DES license ASA5585 S40P40 K8 Cisco ASA 5585 X IPS Edition SSP 40 IPS SSP 40 bundle includes firewall services 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S40P40 K9 Cisco ASA 5585 X IPS Edition SSP 60 IPS SSP 60 bundle includes firewall services 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP
30. co ASA 5585 X SSL IPsec VPN Edition SSP 60 Bundle includes 10 000 IPsec VPN peers 10 000 Premium VPN peers firewall services 8 Gigabit Ethernet interfaces 2 management interfaces 3DES AES license ASA5585S60 10K K9 Cisco ASA 5500 Series Firewall IPS VPN Premium Bundles Cisco ASA 5585 X Integrated Edition SSP 10 IPS SSP 10 Bundle with firewall services IPS services 5 000 IPsec VPN peers 5 000 Premium VPN peers 16 Gigabit Ethernet interfaces 4 Gigabit Ethernet SFP interfaces 4 management interfaces 3DES AES license ASA5585 S10P10SK9 Cisco ASA 5585 X Integrated Edition SSP 20 IPS SSP 20 Bundle with firewall services IPS services 10 000 IPsec VPN peers 10 000 Premium VPN peers 16 Gigabit Ethernet interfaces 4 Gigabit Ethernet SFP interfaces 4 management interfaces 3DES AES license ASA5585 S20P20SK9 Cisco ASA 5585 X Integrated Edition SSP 40 IPS SSP 40 Bundle with firewall services IPS services 10 000 IPsec VPN peers 10 000 Premium VPN peers 12 Gigabit Ethernet interfaces 8 10 Gigabit Ethernet SFP interfaces 4 management interfaces 3DES AES license ASA5585 S40P40SK9 Cisco ASA 5585 X Integrated Edition SSP 60 IPS SSP 60 Bundle with firewall services IPS services 10 000 IPsec VPN peers 10 000 Premium VPN peers 12 Gigabit Ethernet interfaces 8 10 Gigabit Ethernet SFP interfaces 4 management interfaces 3DES AES license ASA5585 S60P60SK9 Security Services Modules Cisco ASA 5500 Series Ad
31. cument is Cisco Public Information Page 6 of 22 Data Sheet a Using the optional security context capabilities of the Cisco ASA 5550 Adaptive Security Appliance businesses can deploy up to 100 virtual firewalls within an appliance to enable compartmentalized control of security policies ona per department or per customer basis and deliver reduced overall management and support costs Note The system provides a total of 12 Gigabit Ethernet ports of which only 8 can be in service at any time Businesses can choose between copper or fiber connectivity providing flexibility for data center campus or enterprise edge connectivity Table 5 lists features of the Cisco ASA 5550 Table 5 Cisco ASA 5550 Adaptive Security Appliance Platform Capabilities and Capacities Feature Description Firewall Throughput Up to 1 2 Gbps VPN Throughput Up to 425 Mbps Concurrent Sessions 650 000 IPsec VPN Peers 5000 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 250 500 750 1000 2500 and 5000 Security Contexts Up to 100 Interfaces 8 Gigabit Ethernet ports 4 SFP fiber ports and 1 Fast Ethernet port Virtual Interfaces VLANs 400 Scalability VPN clustering and load balancing High Availability Active Active Active Standby Performance numbers tested and validated with Cisco ASA Software Release 8 4 1 Cisco ASA 5580 Adaptive Security Appliances The Cisco ASA 5580 20 and 5580 40 Ada
32. deployment of external wireless access points for extended network mobility A high performance intrusion prevention and worm mitigation service is available with the addition of the AIP SSC Multiple USB ports can be used to enable additional services and capabilities as they are needed 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 2 of 22 Data Sheet a As business needs grow customers can install a Security Plus upgrade license enabling the Cisco ASA 5505 to scale to support a higher connection capacity and up to 25 IPsec VPN users add full DMZ support and integrate into switched network environments through VLAN trunking support Furthermore this upgrade license maximizes business continuity by enabling support for redundant ISP connections and stateless Active Standby high availability services Businesses can also extend the Cisco ASA 5505 s VPN service by enabling AnyConnect client and clientless VPN remote access to support various mobile workers and business partners The Cisco Secure Remote Access Solution deployments can scale to serve up to 25 AnyConnect and or clientless VPN concurrent users on each Cisco ASA 5505 by installing an Essential or a Premium AnyConnect VPN license This combination of market leading security and VPN services advanced networking features flexible remote management capabilities and future extensibility makes the Cisco ASA 5505 an excellen
33. des 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5585 S10 K9 Cisco ASA 5585 X Security Plus Firewall Edition SSP 10 bundle includes 8 Gigabit Ethernet interfaces 2 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S10X K9 Cisco ASA 5585 X Firewall Edition SSP 20 bundle includes 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers DES license ASA5585 S20 K8 Cisco ASA 5585 X Firewall Edition SSP 20 bundle includes 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5585 S20 K9 Cisco ASA 5585 X Security Plus Firewall Edition SSP 20 bundle includes 8 Gigabit Ethernet interfaces 2 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S20X K9 Cisco ASA 5585 X Firewall Edition SSP 40 bundle includes 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers DES license
34. fy and stop malicious traffic before it affects business continuity for IPv4 IPv6 and hybrid IPv6 and IPv4 networks They combine inline prevention services with innovative technologies resulting in total confidence in the provided protection of the deployed IPS solution without the fear of legitimate traffic being dropped The IPS SSP AIP SSM and AIP SSC also offer comprehensive network protection through their unique ability to collaborate with other network security resources providing a proactive approach to protecting the network Accurate inline prevention technologies provide unparalleled confidence to take preventive action on a broader range of threats without the risk of dropping legitimate traffic These unique technologies offer intelligent automated contextual analysis of data and help ensure that businesses are getting the most out of their intrusion prevention solutions Furthermore the IPS SSP AIP SSM and AIP SSC use multivector threat identification to protect the network from policy violations vulnerability exploitations and anomalous activity through detailed inspection of traffic in Layers 2 through 7 Table 10 and 11 detail the IPS SSP AIP SSM and AIP SSC models that are available and their respective performance and physical characteristics Table 10 Characteristics of Cisco ASA 5500 Series AIP SSM and SSC Models Feature Cisco ASA 5500 Series Cisco ASA 5500 Series Cisco ASA 5500 Series Cisco ASA 5500 Series AIP SSC 5
35. he Cisco ASA 5520 Table 3 Cisco ASA 5520 Adaptive Security Appliance Platform Capabilities and Capacities Feature Description Firewall Throughput Up to 450 Mbps Maximum Firewall and IPS Throughput e Up to 225 Mbps with AIP SSM 10 e Up to 375 Mbps with AIP SSM 20 Up to 450 Mbps with AIP SSM 40 VPN Throughput Up to 225 Mbps Concurrent Sessions 280 000 IPsec VPN Peers 750 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 250 500 or 750 Security Contexts Up to 20 Interfaces 4 Gigabit Ethernet ports and 1 Fast Ethernet port Virtual Interfaces VLANs 150 Scalability VPN clustering and load balancing High Availability Active Active Active Standby Performance numbers tested and validated with Cisco ASA Software Release 7 2 Cisco ASA 5540 Adaptive Security Appliance The Cisco ASA 5540 Adaptive Security Appliance delivers high performance high density security services with Active Active high availability and Gigabit Ethernet connectivity for medium sized and large enterprise and service provider networks in a reliable modular appliance With four Gigabit Ethernet interfaces and support for up to 100 VLANs businesses can use the Cisco ASA 5540 to segment their network into numerous zones for improved security The Cisco ASA 5540 Adaptive Security Appliance scales with businesses as their network security requirements grow delivering exceptional investment protection
36. hernet interfaces 1 Fast Ethernet interface 750 IPsec VPN peers 2 Premium VPN peers Active Active and Active Standby high availability DES license ASA5520 K8 Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface 5000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5540 BUN K9 Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface 5000 IPsec VPN peers 2 Premium VPN peers DES license ASA5540 K8 Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces 1 Fast Ethernet interface 4 Gigabit SFP interfaces 5000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5550 BUN K9 Cisco ASA 5550 Firewall Edition includes 8 Gigabit Ethernet interfaces 1 Fast Ethernet interface 4 Gigabit SFP interfaces 5000 IPsec VPN peers 2 Premium VPN peers DES license ASA5550 K8 Cisco ASA 5580 20 Firewall Edition includes 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers DES license ASA5580 20 BUN K8 Cisco ASA 5580 20 Firewall Edition includes 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5580 20 BUN K9 Cisco ASA 5580 20 Firewall Edition 4 Gigabit Ethernet Bundle includes 4 Gigabit Ethernet interfaces 2 management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5580 20 4GE K9 Cisco
37. hput 1 Gbps 1 Gbps 1 Gbps 2 Gbps 3 Gbps 5 Gbps IPsec VPN Peers 10 000 10 000 5 000 10 000 10 000 10 000 Premium AnyConnect VPN 2 10 000 2 10 000 2 5 000 2 10 000 2 10 000 2 10 000 Peers Concurrent Connections 2 000 000 4 000 000 1 000 000 2 000 000 4 000 000 10 000 000 New Connections Second 90 000 150 000 65 000 140 000 240 000 350 000 Packets Second 64 byte 2 500 000 4 000 000 1 500 000 3 200 000 6 000 000 10 500 000 Integrated Network 2 port 2 port 2 port 2 port 2 port 2 port Management Ports 10 100 1000 10 100 1000 10 100 1000 10 100 1000 10 100 1000 10 100 1000 Integrated Network Ports N A N A 8 port 8 port 6 port 6 port 10 100 1000 2 10 100 1000 2 10 100 1000 4 10 100 1000 4 port 10 Gigabit port 10 Gigabit port 10 Gigabit port 10 Gigabit Ethernet Ethernet Ethernet SFP Ethernet SFP SFP SFP Maximum Integrated N A N A 16 port 16 port 12 port 12 port Network Ports 10 100 1000 4 10 100 1000 4 10 100 1000 8 10 100 1000 8 port 10 Gigabit port 10 Gigabit port 10 Gigabit port 10 Gigabit Ethernet SFP Ethernet SFP Ethernet SFP Ethernet SFP SSP 10 and IPS SSP 20 and IPS SSP 40 and IPS SSP 60 and IPS SSP 10 SSP 20 SSP 40 SSP 60 Interface Card Slots 6 6 2 2 2 2 Interface Card Options e 4 port 4 port Not available Not available Not available Not available 10 100 1000 10 100 1000 RJ 45 RJ 45 e 4 port Gigabit 4 port Gigabit Ethernet Ethernet fiber SR LC fiber SR LC e 2 port 10
38. interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S60P60 K8 Cisco ASA 5585 X IPS Edition SSP 60 IPS SSP 60 bundle includes firewall services 6 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 10 000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S60P60 K9 Cisco ASA 5500 Series Content Security Edition Bundles Cisco ASA 5510 Content Security Edition includes CSC SSM 10 50 user antivirus antispyware with 1 year subscription firewall services 250 IPsec VPN peers 2 Premium VPN peers 3 Fast Ethernet interfaces ASA5510 CSC10 K9 Cisco ASA 5510 Content Security Edition includes CSC SSM 20 500 user antivirus antispyware with 1 year subscription firewall services 250 IPsec VPN peers 2 Premium VPN peers 3 Fast Ethernet interfaces ASA5510 CSC20 K9 Cisco ASA 5520 Content Security Edition includes CSC SSM 10 50 user antivirus antispyware with 1 year subscription firewall services 750 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5520 CSC10 K9 Cisco ASA 5520 Content Security Edition includes CSC SSM 20 500 user antivirus antispyware with 1 year subscription firewall services 750 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface AS
39. l services 5000 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5540 AIP20 K9 Cisco ASA 5540 IPS Edition includes AIP SSM 40 firewall services 5000 IPsec VPN peers 2 Premium VPN peers 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface ASA5540 AIP40 K9 Cisco ASA 5585 X IPS Edition SSP 10 IPS SSP 10 bundle includes firewall services 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers DES license ASA5585 S10P10 K8 Cisco ASA 5585 X IPS Edition SSP 10 IPS SSP 10 bundle includes firewall services 8 Gigabit Ethernet interfaces 2 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5585 S10P10 K9 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 20 of 22 Data Sheet a Product Name Part Number Cisco ASA 5585 X Security Plus IPS Edition SSP 10 IPS SSP 10 bundle includes firewall services 8 Gigabit Ethernet interfaces 2 10 Gigabit Ethernet SFP interfaces 2 Gigabit Ethernet management interfaces 5000 IPsec VPN peers 2 Premium VPN peers dual AC power 3DES AES license ASA5585 S10P10XK9 Cisco ASA 5585 X IPS Edition SSP 20 IPS SSP 20 bundle includes firewall services 8 Gigabit Ethernet interf
40. nterfaces four Small Form Factor Pluggable SFP fiber interfaces and support for up to 200 VLANs businesses can segment their network into numerous high performance zones for improved security The Cisco ASA 5550 Adaptive Security Appliance scales with businesses as their network security requirements grow delivering exceptional investment protection and services scalability Businesses can scale their SSL and IPsec VPN capacity to support a larger number of mobile workers remote sites and business partners Up to 5000 AnyConnect and or clientless VPN peers can be supported on each Cisco ASA 5550 by installing an Essential or a Premium AnyConnect VPN license 5000 IPsec VPN peers are supported on the base platform VPN capacity and resiliency can also be increased by taking advantage of the Cisco ASA 5550 s integrated VPN clustering and load balancing capabilities The Cisco ASA 5550 supports up to 10 appliances in a cluster supporting a maximum of 50 000 AnyConnect and or clientless VPN peers or 50 000 IPsec VPN peers per cluster For business continuity and event planning the ASA 5550 can also benefit from the Cisco VPN FLEX licenses which enable administrators to react to or plan for short term bursts of concurrent Premium VPN remote access users for up to a 2 month period Separately licensed feature includes two with base system Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This do
41. ocessors SSPs security services modules SSMs and security services cards SSCs This provides businesses with outstanding investment protection while enabling them to expand the security services profile of their Cisco ASA 5500 Series as their security and performance needs grow All these services are easily managed through the powerful Cisco Modular Policy Framework which allows businesses to create highly customized security policies while making it simple to add new security and networking services into their existing policies e Reduced deployment and operations costs The Cisco ASA 5500 Series enables standardization on a single platform to reduce the overall operational cost of security A common environment for configuration 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 1 of 22 Data Sheet ee simplifies management and reduces training costs for staff while the common hardware platform of the series reduces sparing costs Additional efficiencies are realized by deploying integrated capabilities obviating the need for the complex designs required to connect standalone solutions e Comprehensive management interfaces The graphical Cisco Adaptive Security Device Manager ASDM a comprehensive command line interface CLI verbose syslog and Simple Network Management Protocol SNMP support round out a rich complement of management options Multi unit deployments benefi
42. on 25W maximum Physical Specifications Dimensions H x W x D 1 70 x 6 80 x 12 25 in 4 32 x 17 27 x 31 12 cm Weight with Power Supply 2 00 Ib 0 91 kg Regulatory and Standards Compliance UL 60950 CSA C22 2 No 60950 EN 60950 IEC 60950 AS NZS60950 CE marking FCC Part 15 Class A AS NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000 3 2 EN61000 3 3 Safety Electromagnetic Compatibility EMC Cisco ASA 5580 Security Appliance Interface Cards Cisco ASA 5580 Adaptive Security Appliances are designed for ultimate interface flexibility and density with six interface card expansion slots supporting up to 24 Gigabit Ethernet ports twelve 10 Gigabit Ethernet ports or combinations thereof These exceptional interface densities enable advanced security applications including full mesh high availability multiple DMZs virtual firewalls and managed security Gigabit Ethernet interfaces are available in 4 port copper or fiber configurations and 10 Gigabit Ethernet is available in a 2 port fiber configuration Gigabit Ethernet and 10 Gigabit Ethernet fiber interfaces feature integrated short range optics SR and an LC connector Table 14 Table 14 Characteristics of Cisco ASA 5580 Interface Cards Feature Cisco ASA 5580 4 Port Gigabit Ethernet Copper Cisco ASA 5580 4 Port Gigabit Ethernet Fiber Cisco ASA 5580 2 Port 10Gigabit Ethernet Fiber eaea
43. ork investment optimize network operations and prepare your network for new applications to extend network intelligence and the power of your business Included in the Operate phase of the service lifecycle are Cisco Security IntelliShield Alert Manager Service Cisco SMARTnet Cisco Service Provider Base and Cisco Services for IPS These services are suitable for enterprise commercial and service provider customers Cisco Security Intellishield Alert Manager Service provides a customizable web based threat and vulnerability alert service that allows organizations to easily access timely accurate and credible information about potential vulnerabilities in their environment Cisco Services for IPS supports modules platforms and bundles of platforms and modules that feature IPS capabilities Cisco SMARTnet and Service Provider Base support other products in this family For More Information For more information please visit the following links e Cisco ASA 5500 Series Adaptive Security Appliance http www cisco com go asa e Cisco Adaptive Security Device Manager http www cisco com go asdm e Cisco Security Services http www cisco com en US products svcs ps2961 ps2952 serv_group home html e Cisco ASA 5500 Series Adaptive Security Appliance Licensing Information http www cisco com en US products ps6120 products licensing information listing html Ajaj Americas Headquarters Asia Pacific Headquarters
44. p to 250 Up to 250 Interfaces 8 port 10 100 1000 2 port 10 Gigabit Ethernet SFP 8 port 10 100 1000 2 port 10 Gigabit Ethernet SFP 6 port 10 100 1000 4 port 10 Gigabit Ethernet SFP 6 port 10 100 1000 4 port 10 Gigabit Ethernet SFP Maximum Interfaces 16 port 10 100 1000 4 port 10 Gigabit Ethernet SFP requires IPS SSP 10 16 port 10 100 1000 4 port 10 Gigabit Ethernet SFP requires IPS SSP 20 12 port 10 100 1000 8 port 10 Gigabit Ethernet SFP requires IPS SSP 40 12 port 10 100 1000 8 port 10 Gigabit Ethernet SFP requires IPS SSP 60 Virtual Interfaces VLANs 1 024 1 024 1 024 1 024 Scalability VPN clustering and load balancing VPN clustering and load balancing VPN clustering and load balancing VPN clustering and load balancing High Availability Active Active and Active Standby Active Active and Active Standby Active Active and Active Standby Active Active and Active Standby Redundant Power Supported second power supply optional Supported second power supply optional Supported second power supply optional Supported Performance numbers tested and validated with Cisco ASA Software Release 8 4 1 Specifications Table 8 and 9 provides a comparison of the Cisco ASA 5505 5510 5520 5540 5550 5580 and 5585 X Adaptive Security Appliances Table 8 Characteris
45. ptive Security Appliances deliver multigigabit security services for large enterprise data center and service provider networks in a robust 4 rack unit form factor The Cisco ASA 5580 accommodates high density copper and optical interfaces with scalability from Fast Ethernet to 10 Gigabit Ethernet enabling unparalleled security and deployment flexibility Cisco ASA 5580 Adaptive Security Appliances include six interface card expansion slots with support for up to 24 Gigabit Ethernet interfaces or up to twelve 10 Gigabit Ethernet interfaces that simplify provisioning and enable campus segmentation Furthermore this high density design enables security virtualization while retaining physical segmentation desired in managed security and infrastructure consolidation applications The Cisco ASA 5580 Series is offered at two performance levels the Cisco ASA 5580 20 with 5 Gbps of real world firewall performance and the high end Cisco ASA 5580 40 with 10 Gbps of real world firewall performance Their multicore multiprocessor architecture delivers radical scalability for the most demanding network security and VPN concentration applications Real time applications can be transparently secured thanks to the extremely low latency high session concurrency and connection setup rates Businesses can scale their SSL and IPsec VPN capacity to support a larger number of mobile workers remote sites and business partners Up to 10 000 AnyConnect and or clientless
46. r Bundle includes 8 port Fast Ethernet switch 10 IPsec VPN peers 2 Premium VPN peers Data Encryption Standard DES license ASA5505 K8 Cisco ASA 5505 50 User Bundle includes 8 port Fast Ethernet switch 10 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5505 50 BUN K9 Cisco ASA 5505 Unlimited User Bundle includes 8 port Fast Ethernet switch 10 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5505 UL BUN K9 Cisco ASA 5505 Unlimited User Security Plus Bundle includes 8 port Fast Ethernet switch 25 IPsec VPN peers 2 Premium VPN peers DMZ stateless Active Standby high availability 3DES AES license ASA5505 SEC BUN K9 Cisco ASA 5510 Firewall Edition includes 5 Fast Ethernet interfaces 250 IPsec VPN peers 2 Premium VPN peers 3DES AES license ASA5510 BUN K9 Cisco ASA 5510 Firewall Edition includes 5 Fast Ethernet interfaces 250 IPsec VPN peers 2 Premium VPN peers DES license ASA5510 K8 Cisco ASA 5510 Security Plus Firewall Edition includes 2 Gigabit Ethernet 3 Fast Ethernet interfaces 250 IPsec VPN peers 2 Premium VPN peers Active Standby high availability 3DES AES license ASA5510 SEC BUN K9 Cisco ASA 5520 Firewall Edition includes 4 Gigabit Ethernet interfaces 1 Fast Ethernet interface 750 IPsec VPN peers 2 Premium VPN peers Active Active and Active Standby high availability 3DES AES license ASA5520 BUN K9 Cisco ASA 5520 Firewall Edition includes 4 Gigabit Et
47. romagnetic Compatibility EMC CE marking FCC Part 15 Class A AS NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000 3 2 EN61000 3 3 Table 11 Characteristics of Cisco ASA 5585 X IPS SSP Modules Feature Cisco ASA 5585 X IPS Cisco ASA 5585 X IPS Cisco ASA 5585 X IPS Cisco ASA 5585 X IPS SSP 10 SSP 20 SSP 40 SSP 60 Steet er 3 Ee Au eee aaan IPS Throughput e 2 Gbps e 3 Gbps e 5 Gbps e 10 Gbps Technical Specifications Memory 6 GB 12 GB 24GB 48 GB Flash 2 GB 2 GB 2 GB 2 GB Environmental Operating Ranges Operating Temperature 0 to 104F 0 to 40 Relative humidity 10 to 90 percent noncondensing Nonoperating Temperature 40 to 158 F 40 to 70 Power output from Power Supply Power consumption 400W maximum Physical Specifications Dimensions H x W x D 1 70 x 17 20 x 15 60 in 4 32 x 43 69 x 39 62 cm Weight 11 5 Ib 5 2 kg Regulatory and Standards Compliance UL 60950 1 CAN CSA C22 2 No 60950 1 EN 60950 1 IEC 60950 1 AS NZS 60950 1 GB4943 Safety Electromagnetic Compatibility EMC 47CFR Part 15 CFR 47 Class A AS NZS CISPR22 Class A CISPR2 2 Class A EN55022 Class A ICES003 Class A VCCI Class A EN61000 3 2 EN61000 3 3 KN22 Class A CNS13438 Class A EN50082 1 EN55024 CISPR24 EN300386 KN 61000 4 Series Cisco ASA 5500 Series Content Security and Control Module
48. s meet the growing needs of today s most dynamic organizations The appliances combine the world s most proven firewall with the industry s most comprehensive effective IPS offering the most effective security solution in the industry to significantly decrease business risk and address regulatory compliance all in a compact 2 rack unit footprint There are four Cisco ASA 5585 models the entry level Cisco ASA 5585 X with Security Services Processor 10 SSP 10 delivers 3 Gbps of multi protocol firewall performance the Cisco ASA 5585 X with SSP 20 provides 7 Gbps of multi protocol firewall performance the Cisco ASA 5585 X with SSP 40 delivers 12 Gbps of multi protocol firewall performance and the high end Cisco ASA 5585 X with SSP 60 provides 20 Gbps of multi protocol firewall performance All four ASA 5585 X models reliably deliver exceptional scalability to meet the demanding needs of mission critical data centers The Cisco ASA 5585 X appliances can support up to 10 000 concurrent VPN sessions while delivering Separately licensed feature includes two with base system Available for the firewall feature set VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns These elements should be taken in to consideration as part of your capacity planning 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 8 of 22 Data Sheet
49. sions 2 000 000 4 000 000 IPsec VPN Peers 10000 10000 Premium AnyConnect VPN Peer License Levels 2 10 25 50 100 250 500 750 1000 2500 5000 and 10 000 2 10 25 50 100 250 500 750 1000 2500 5000 and 10 000 Security Contexts Up to 250 Up to 250 Interfaces 2 Gigabit Ethernet management 2 Gigabit Ethernet management Interface Card Slots 6 6 Interface Card Options e 4 port 10 100 1000 RJ 45 e 4 port Gigabit Ethernet fiber SR LC e 2 port 10 Gigabit Ethernet fiber SR LC e 4 port 10 100 1000 RJ 45 e 4 port Gigabit Ethernet fiber SR LC e 2 port 10 Gigabit Ethernet fiber SR LC Virtual Interfaces VLANs 1024 1024 Scalability VPN clustering and load balancing VPN clustering and load balancing High Availability Active Active Active Standby Active Active Active Standby Redundant Power Supported second power supply optional Supported second power supply optional Performance numbers tested and validated with Cisco ASA Software Release 8 4 1 Cisco ASA 5585 X Adaptive Security Appliances Cisco ASA 5585 X Adaptive Security Appliances are tailored to meet the high performance needs of mission critical data centers and provide peace of mind with Cisco guaranteed coverage Supporting the highest VPN session counts and twice as many connections per second as competitive firewalls in its class Cisco ASA 5585 X appliance
50. t SSM enables businesses to better segment network traffic into separate security zones providing more granular security for their network environment These zones can range from the Internet to internal corporate departments sites to DMZs This high performance module supports both copper and optical connection options by including four 10 100 1000 copper RJ 45 ports and four SFP ports Businesses can choose between copper or fiber ports providing flexibility for data center campus or enterprise 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 17 of 22 Data Sheet a edge connectivity The module extends the I O profile of the Cisco ASA 5500 Series to a total of five Fast Ethernet and four Gigabit Ethernet ports on the Cisco ASA 5510 and eight Gigabit Ethernet ports and one Fast Ethernet port on Cisco ASA 5520 and 5540 appliances Table 13 Table 13 Characteristics of Cisco ASA 5500 Series 4 Port Gigabit Ethernet SSMs Feature Cisco ASA 5500 Series 4 Port GE SSM Technical Specifications Integrated LAN Ports Four 10 100 1000BASE T Integrated SFP Ports Four Gigabit Ethernet Optical SFP 1000BASE SX or LX LH transceiver supported Environmental Operating Ranges Operating Temperature 32 to 104 F 0 to 40 C Relative humidity 5 to 95 percent noncondensing Nonoperating Temperature 13 to 158 F 25 to 70 C Power consumpti
51. t choice for businesses requiring a best in class small business branch office or enterprise teleworker security solution Table 1 lists features of the Cisco ASA 5505 Table 1 Cisco ASA 5505 Adaptive Security Appliance Platform Capabilities and Capacities Feature Description Firewall Throughput Up to 150 Mbps Maximum Firewall and IPS Throughput Up to 75 Mbps with AIP SSC 5 VPN Throughput Up to 100 Mbps Concurrent Sessions 10 000 25 000 IPsec VPN Peers 10 25 Premium AnyConnect VPN Peer License Levels 2 10 or 25 Interfaces 8 port Fast Ethernet switch with dynamic port grouping including 2 PoE ports Virtual Interfaces VLANs 3 no trunking support 20 with trunking support High Availability Not supported stateless Active Standby and redundant ISP support Performance numbers tested and validated with Cisco ASA Software Release 7 2 Cisco ASA 5510 Adaptive Security Appliance The Cisco ASA 5510 Adaptive Security Appliance delivers advanced security and networking services for small and medium sized businesses and enterprise remote branch offices in an easy to deploy cost effective appliance These services can be easily managed and monitored by the integrated Cisco ASDM application thus reducing the overall deployment and operations costs associated with providing this high level of security The Cisco ASA 5510 Adaptive Security Appliance provides high performance firewall and VP
52. t greatly from Cisco Security Manager a platform capable of managing distributed deployments of hundreds of devices The Cisco ASA 5500 Series The Cisco ASA 5500 Series includes the Cisco ASA 5505 5510 5520 5540 5550 5580 and 5585 X Adaptive Security Appliances purpose built high performance security solutions that take advantage of Cisco s expertise in developing industry leading award winning security and VPN solutions Through the Cisco MPF the Cisco ASA 5500 Series brings a new level of security and policy control to applications and networks MPF enables highly customizable flow specific security policies that have been tailored to application requirements The performance and extensibility of the Cisco ASA 5500 Series is enhanced through user installable SSMs This adaptable architecture enables businesses to rapidly deploy security services when and where they are needed such as tailoring inspection techniques to specific application and user needs or adding additional intrusion prevention and content security services such as those delivered by the Adaptive Inspection and Prevention AIP and Content Security and Control CSC SSMs Furthermore the modular hardware architecture of the Cisco ASA 5500 Series along with the powerful MPF provides the flexibility to meet future network and security requirements extending the outstanding investment protection provided by the Cisco ASA 5500 Series and allowing businesses to adapt their
53. tes multiple full featured high performance security services including application aware firewall SSL and IPsec VPN IPS with Global Correlation and guaranteed coverage antivirus antispam antiphishing and web filtering services Combined with real time reputation technology these technologies deliver highly effective network and application layer security user based access control worm mitigation malware protection improved employee productivity instant messaging and peer to peer control and secure remote user and site connectivity The only IPS with market leading reputation technology Cisco IPS with Global Correlation provides twice the efficacy of legacy IPS and includes guaranteed coverage for enhanced peace of mind Offering seamless client and clientless access for a broad spectrum of desktop and mobile platforms the Cisco ASA 5585 X delivers always on secure mobility with integrated web security and IPS for policy enforcement and threat protection e Extensible integrated services architecture The Cisco ASA 5500 Series offers businesses strong adaptive protection from the fast evolving threat environment through its unique combination of hardware and software extensibility and its powerful Modular Policy Framework MPF The innovative extensible multiprocessor design and software architecture of the Cisco ASA 5500 Series enables businesses to easily install additional high performance security services through security services pr
54. tics of Cisco ASA 5505 5510 5520 5540 and 5550 Adaptive Security Appliances Feature Cisco ASA 5505 Cisco ASA 5510 Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550 Users Nodes 10 50 or unlimited Unlimited Unlimited Unlimited Unlimited Firewall Throughput Up to 150 Mbps Up to 300 Mbps Up to 450 Mbps Up to 650 Mbps Up to 1 2 Gbps Max throughput measured under ideal test conditions VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns These elements should be taken in to consideration as part of your capacity planning Separately licensed feature includes two SSL licenses with base system Available for the firewall feature set 2011 Cisco and or its affiliates All rights reserved This document is Cisco Public Information Page 10 of 22 Data Sheet Feature Cisco ASA 5505 Cisco ASA 5510 Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550 Maximum Firewall and IPS Throughput e Up to 150 Mbps with AIP SSC 5 e Up to 150 Mbps with AIP SSM 10 Up to 300 Mbps with AIP SSM 20 Up to 225 Mbps with AIP SSM 10 e Up to 375 Mbps with AIP SSM 20 e Up to 450 Mbps with AIP SSM 40 Up to 500 Mbps with AIP SSM 20 Up to 650 Mbps with AIP SSM 40 Not available 3DES AES VPN Up to 100 Mbps Up to 170 Mbps Up to 225 Mbps Up to 325 Mbps Up to 425 Mbps Throughput IPsec VPN Peers 10 25 250 750 5000 5000 Premium
55. urity Contexts Up to 5 Interfaces 5 Fast Ethernet ports 2 Gigabit Ethernet 3 Fast Ethernet Virtual Interfaces VLANs 50 100 Scalability VPN clustering and load balancing High Availability Not supported Active Active Active Standby Performance numbers tested and validated with Cisco ASA Software Release 7 2 Cisco ASA 5520 Adaptive Security Appliance The Cisco ASA 5520 Adaptive Security Appliance delivers security services with Active Active high availability and Gigabit Ethernet connectivity for medium sized enterprise networks in a modular high performance appliance With four Gigabit Ethernet interfaces and support for up to 100 VLANs businesses can easily deploy the Cisco ASA 5520 into multiple zones within their network The Cisco ASA 5520 Adaptive Security Appliance scales with businesses as their network security requirements grow delivering solid investment protection Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers remote sites and business partners Up to 750 AnyConnect and or clientless VPN peers can be supported on each Cisco ASA 5520 by installing an Essential or a Premium AnyConnect VPN license 750 IPsec VPN peers are supported on the base platform VPN capacity and resiliency can be increased by taking advantage of the Cisco ASA 5520 s integrated VPN clustering and load balancing capabilities The Cisco ASA 5520 supports up to 10 appliances in a Upgrade avail
56. vanced Inspection and Prevention Security Services Card 5 AIP SSC 5 ASA SSC AIP 5 K9 Cisco ASA Advanced Inspection and Prevention Security Services Module 10 AIP SSM 10 ASA SSM AIP 10 K9 Cisco ASA Advanced Inspection and Prevention Security Services Module 20 AIP SSM 20 ASA SSM AIP 20 K9 Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 40 AIP SSM 40 ASA SSM AIP 40 K9 Cisco ASA Content Security and Control Security Services Module 10 CSC SSM 10 with 50 user antivirus antispyware 1 year subscription ASA SSM CSC 10 K9 Cisco ASA Content Security and Control Security Services Module 20 CSC SSM 20 with 500 user antivirus antispyware 1 year subscription ASA SSM CSC 20 K9 Cisco ASA 4 Port Gigabit Ethernet Security Services Module SSM 4GE Cisco ASA 5580 Series Interface Expansion Cards Cisco ASA 5580 4 port 10 100 1000 Ethernet interface card RJ 45 ASA5580 4GE CU Cisco ASA 5580 4 port Gigabit Ethernet fiber interface card SR LC ASA5580 4GE Fl Cisco ASA 5580 2 port 10 Gigabit Ethernet fiber interface card SR LC ASA5580 2X10GE SR Cisco ASA 5585 X Security Services Processors and IPS Security Services Processors Cisco ASA 5585 X Security Services Processor 10 SSP 10 ASA SSP 10 K8 Cisco ASA 5585 X Security Services Processor 20 SSP 20 ASA SSP 20 K8 Cisco ASA 5585 X Security Services Processor 40 SSP 40
Download Pdf Manuals
Related Search