Ciscos Current Mid-range ASA ProductPortfolio (Benetton) ASA
5510 300 Mbps Firewall Throughput Shipping since 2005 ASA 5520 450
Mbps Firewall Throughput Firewalls of choice for ASA 5540 small
businesses and 650 Mbps Firewall Throughput large enterprises alike
ASA 5550 1.2 Gbps Firewall Throughput
Next-Generation Security ServicesPlatforms5 new models to meet
varied throughput demandsASA 5512-X 1. Multi-Gig Performance1 Gbps
Firewall Throughput To meet growing throughput requirementsASA
5515-X 2. Accelerated Integrated1.2 Gbps Firewall Throughput
Services (no extra hardwareASA 5525-X required)2 Gbps Firewall
Throughput To support changing business needsASA 5545-X 3. Next-gen
services enabled3 Gbps Firewall Throughput platform To provide
investment protectionASA 5555-X4 Gbps Firewall Throughput
Cisco ASA 5500 Series Portfolio Comprehensive Solutions from
SOHO to the Data Center ASA 5585-X SSP-60 (40 Gbps, 350K cps) ASA
5585-X SSP-40 (20 Gbps, 200K cps) ASA 5585-X SSP-20 (10 Gbps, 125K
cps) Multi-ServicePerformance and Scalability (Firewall/VPN and
IPS) ASA 5585-X SSP-10 ASA 5555-X (4 Gbps, 50K cps) (4 Gbps,50K
cps) ASA 5545-X NEW (3 Gbps,30K cps) ASA 5525-X (2 Gbps,20K cps)
NEW ASA 5550 ASA 5515-X (1.2 Gbps,15K cps) (1.2 Gbps, 36K cps) NEW
ASA 5512-X (1 Gbps, 10K cps) ASA 5540 Firewall/VPN Only NEW (650
Mbps, 25K cps) ASA 5520 NEW (450 Mbps, 12K cps) ASA 5510 + ASA 5510
(300 Mbps, 9K cps) (300 Mbps, 9K cps) ASA 5505 (150 Mbps, 4K cps)
SOHO Branch Office Internet Edge Campus Data Center
Next Generation ASA Mid-Range AppliancesAt-A-Glance ASA 5500-X
H/W Features Customer Benefits 64Bit Multi-Core Processor Up to
16GB of Memory Performance Built-In Multi-Core Crypto Accelerator
Density Hardware Flexibility Dedicated IPS Hardware Acceleration
Card Integrated Services Up to 14 1GE Ports Management
Consolidation Copper & Fiber I/O options Firewall, VPN &
IPS Services Dedicated OOB Management Port
Hardware Short Chassis (5512-X, 5515-X & 5525-X) -- Fixed
Single Power Supply 14 Hot-Swappable Hard-Disk drive bays 19Long
Chassis (5545-X & 5555-X) Fan vent for front-to-back --
Hot-Swappable redundant dual power-supply airflow
ASA 5512-X/ASA 5515-X Back Panel Dedicated Mgmt Port (1GE)
Status LEDsI/O Expansion Slot Serial Console Fixed Power Supply 6 x
1GE Cu Ports USB Port
ASA 5525-X/ASA 5545-X Back Panel Dedicated Mgmt Port (1GE)
Serial Console 8 x 1GE Cu Ports Fixed Power Supply Status LEDs USB
PortI/O Expansion Slot Dedicated Mgmt Port (1GE) Redundant Status
LEDs 8 x 1GE Cu Ports Serial Console Hot Swappable PSUI/O Expansion
Slot USB Port
Physical Specifications Height Width Depth Weight 5512-X 5515-X
1.67 16.7 15.6 13.38 Kg 5525-X 5525-X 1.67 16.7 15.6 14.92 Kg
5545-X 1.67 16.7 19.1 16.82 Kg 5555-X
Environmental Specifications Operating: 0C - +40C Temperature
Non-Operating: -30C to +70C Non-Operating: 5% to 95% Humidity Range
RH(non-condensing) Operating: 0 to 3024M Altitude Non-Operating: Up
to 4572M Airflow Front to Back
Optional AccessoriesRedundant Power Supply Works in
load-sharing mode when both PSUs are present. Power Supply
Specifications Input Rating: 100 ~ 120V / 5A 200 ~ 240V / 2.5A
Leakage Current: 3.5mA Operating Power: 382 W Power Cord Rating: 10
A Models Power Supply ASA 5545-X ASA-PWR-AC ASA-PWR-AC= ASA
5555-X
ASA 5500-X I/O Module Options Available on all 5500-XI/O
expansion card are available in two flavors platforms 6 Port
10/100/1000 Base T , RJ45 Connector I/O NIC Card 6 Port 1GbE SFP
Connector I/O NIC Card
Interface Options Platform I/O CARD GbE (Cu) I/O CARD SFP Total
Data Ports5512-X,5515-X ASA-IC-6GE-CU-A ASA-IC-6GE-SFP-A 12
ASA-IC-6GE-CU-A= ASA-IC-6GE-SFP-A=5525-X ASA-IC-6GE-CU-B
ASA-IC-6GE-SFP-B 14 ASA-IC-6GE-CU-B= ASA-IC-6GE-SFP-B=5545-X,
5555-X ASA-IC-6GE-CU-C ASA-IC-6GE-SFP-C 14 ASA-IC-6GE-CU-C=
ASA-IC-6GE-SFP-C= Short Reach Optics* Long Reach Optics* GLC-SX-MM
GLC-LH-SM GLC-SX-MMD GLC-LH-SMD
Saleen ASA Platform MatrixSpecification ASA 5512-X ASA 5515-X
ASA 5525-X ASA 5545-X ASA 5555-XPlatform Base 1RU Short chassis 1RU
Short chassis 1RU Short 1RU Long chassis 1RU Long chassis chassis
19 Rack 19 Rack 19 Rack Mountable 19 Rack Mountable Mountable
Mountable 19 Rack MountableCPU 1x 2.8 Ghz Intel 1 x 3.06 Ghz Intel
1x 2.40 Ghz Intel 1x 2.66 Ghz Intel 1x 2.80 Ghz Intel 2C/2T 2C/4T
4C/4T 4C/8T 4C/8TDRAM 4GB 8 GB 8GB 12GB 16GBRegex Accel N/A N/A 1 1
1Mezz CardCompact Flash 4GB eUSB 8GB eUSB 8GB eUSB 8GB eUSB 8GB
eUSBI/O Ports 6 x 1GbE Cu 6 x 1GbE Cu 8 x 1GbE Cu 8 x 1GbE Cu 8 x
1GbE Cu 1 x 1GbE Cu Mgmt 1 x 1GbE Cu Mgmt 1 x 1GbE Cu 1 x 1GbE Cu
Mgmt 1 x 1GbE Cu Mgmt MgmtOptional I/O 6 x 1GbE Cu or 6 x 6 x 1GbE
Cu or 6 x 6 x 1GbE Cu or 6 6 x 1GbE Cu or 6 x 6 x 1GbE Cu or 6
xModule 1GbE SFP 1GbE SFP x 1GbE SFP 1GbE SFP 1GbE SFPPower Single
Fixed AC Single Fixed AC Single Fixed AC Dual Hot-Swappable Dual
Hot-Swappable Power Supply Power Supply Power Supply Redundant AC
Redundant AC Power Supply Power SupplyCrypto Capacity 1 x Crypto
Chip 1 x Crypto Chip 1 x Crypto Chip 1 x Crypto Chip 1 x Crypto
Chip 4C 4C 4C 8C 8C
Saleen hardware comparison withASA 5510 ASA 5550 ASA 5510 ASA
5550 ASA 5512-X ASA 5555-X Single Core CPU Multi-Core CPU 1GB to
4GB DDR1 RAM 4GB to 16GB DDR3 RAM Base I/O ports limited to 4 x
1GbE Base I/O ports up to 8 x 1GbE Copper Copper interfaces
interfaces 4 x 1GbE I/O port expansion module 6 x 1GbE Copper or
fiber SFP I/O expansion module IPS on SSM card Integrated IPS
service within the same chassis N/A Redundant Hot-Swappable power
supply units N/A Regex accelerator card N/A Hard Disk Support
ASA 5512-X versus ASA 5510 ASA ASA Price 5510 $3,495 5512-X
$3,995 Key Changes Firewall Throughput (Max) 300 Mbps 1 Gbps
Firewall Throughput (EMIX) Not Measured 500 Mbps Performance IPS
Throughput (Media Rich) 150 Mbps 300 Mbps 4X Firewall Throughput
VPN Throughput 170 Mbps 200 Mbps Increased IPS, VPN Throughput
Connections (Max) 50,000 100,000 Connections per second 9,000
10,000 Hardware VLANs 50 50 Multi-core instead of Single-core
Security Contexts (Incl/Max) 0/0 0/0 CPUs High Availability &
VPN Clustering No No 4X Memory IPS, VPN, Content IPS, VPN, next-gen
Dedicated Management port Services Security services* No
restriction Additional (+1) integrated I/O ports IPS, Content
Security, Service Restriction I/O expansion mutually (multiple
services run at same time in Additional (+2) expansion I/O ports
exclusive software) GE instead of FE ports Site-2-Site/IPSec IKEv1
Client Expansion slot now only for I/O Sessions
/AnyConnect/Clientless VPN 250 250 Sessions Expansion Integrated
Network I/O 5 FE 6 GE Dedicated Management Port No Yes (GE)
Services Expansion IO 4-port GE , 4-port GE SFP 6-port GE CU ,
6-port GE SFP IPS does not require hardware CPU Single-Core
Multi-Core module RAM 1 GB 4 GB Next-gen services ready* Content
Security Service to be made available as Scansafe-connector on
ASA;Next-Gen services can be added without requiring additional
hardware module
ASA 5515-X versus ASA 5510+ ASA ASA Price 5510+ $4,495 5515-X
$4,995 Key Changes Firewall Throughput (Max) 300 Mbps 1.2 Gbps
Firewall Throughput (EMIX) Not Measured 600 Mbps Security Plus
License Not Required IPS Throughput (Media Rich) 300 Mbps 400 Mbps
VPN Throughput 170 Mbps 250 Mbps Performance Connections (Max)
100,000 250,000 4X Firewall Throughput Connections per second 9,000
15,000 Increased IPS, VPN Throughput VLANs 100 100 Security
Contexts (Incl/Max) 2/20 2/20 Hardware High Availability & VPN
Clustering Yes Yes Multi-core instead of Single-core CPUs Services
IPS, VPN, Content Security IPS, VPN, next- gen services 8X Memory
No restriction Dedicated Management port IPS, Content Security,
Service Restriction I/O expansion (multiple services Additional
(+1) integrated I/O ports run at same time in mutually exclusive
software) Additional (+2) expansion I/O ports Site-2-Site/IPSec
IKEv1 Client All GE ports instead of FE ports Sessions
/AnyConnect/Clientless 250 250 VPN Sessions Expansion slot now only
for I/O Integrated Network I/O 2GE, 3FE 6 GE Expansion Dedicated
Management port No Yes (GE) Expansion IO 4-port GE , 6-port GE CU ,
Services 4-port GE SFP 6-port GE SFP CPU Single-core Multi-core IPS
does not require hardware module RAM 1 GB 8 GB Next-gen services
ready* Content Security Service to be made available as
Scansafe-connector on ASA;Next-Gen services can be added without
requiring additional hardware module
ASA 5525-X versus ASA 5520 ASA ASA Price 5520 $7,995 5525-X
$8,995 Key Changes Firewall Throughput (Max) 450 Mbps 2 Gbps
Firewall Throughput (EMIX) Not Measured 1 Gbps Performance IPS
Throughput (Media Rich) 450 Mbps 600 Mbps 4X Firewall Throughput
VPN Throughput 225 Mbps 300 Mbps Increased IPS, VPN Throughput
Connections (Max) 280,000 500,000 Connections per second 12,000
20,000 Hardware VLANs 150 200 Multi-core instead of Single-core
Security Contexts (Incl/Max) 2/20 2/20 CPUs High Availability &
VPN Clustering Yes Yes 4X Memory Services IPS, VPN, Content
Security IPS, VPN, next- gen services* Dedicated Management port
IPS, Content No restriction Additional (+3) integrated I/O ports
Service Restriction Security, I/O (multiple services Additional
(+2) expansion I/O ports expansion mutually run at same time
exclusive in software) Expansion slot now only for I/O
Site-2-Site/IPSec IKEv1 Client Expansion Sessions
/AnyConnect/Clientless 750 750 VPN Sessions Integrated Network I/O
4 GE + 1 FE 8 GE Services Dedicated Management port No Yes (GE) IPS
does not require hardware Expansion IO 4-port GE , 6-port GE CU ,
module 4-port GE SFP 6-port GE SFP CPU Single-Core Multi-Core
Next-gen services ready RAM 2 GB 8 GB* Content Security Service to
be made available as Scansafe-connector on ASA;Next-Gen services
can be added without requiring additional hardware module
ASA 5545-X versus ASA 5540 ASA ASA Price 5540 $16,995 5545-X
$17,995 Key Changes Firewall Throughput (Max) 650 Mbps 3 Gbps
Firewall Throughput (EMIX) Not Measured 1.5 Gbps Performance IPS
Throughput (Media Rich) 650 Mbps 900 Mbps 4X Firewall Throughput
VPN Throughput 325 Mbps 400 Mbps Increased IPS, VPN Throughput
Connections (Max) 400,000 750,000 Connections per second 25,000
30,000 Hardware VLANs 200 300 Multi-core instead of Single-core
Security Contexts (Incl/Max) 2/50 2/50 CPUs High Availability &
VPN Clustering Yes Yes 6X Memory Services IPS, VPN, Content
Security IPS, VPN, next-gen services* Dedicated Management port
IPS, Content Security, I/O No restriction (multiple Additional (+3)
integrated I/O ports Service Restriction expansion mutually
services run at same time Additional (+2) expansion I/O ports
exclusive in software) Site-2-Site/IPSec IKEv1 Client Expansion
slot now only for I/O 5000/ Sessions /AnyConnect/Clientless 2500
2500 Expansion VPN Sessions Integrated Network I/O 4 GE + 1 FE 8 GE
Dedicated Management port No Yes (GE) Services 4-port GE , 4-port
GE 6-port GE CU , IPS does not require hardware Expansion IO SFP
6-port GE SFP module CPU Single-Core Multi-Core Next-gen services
ready RAM 2 GB 12 GB Redundant Power No Yes* Content Security
Service to be made available as Scansafe-connector on ASA;Next-Gen
services can be added without requiring additional hardware
module
ASA 5555-X versus ASA 5550 ASA ASA Price 5550 $19,995 5555-X
$24,995 Key Changes Firewall Throughput (Max) 1.2 Gbps 4 Gbps
Firewall Throughput (EMIX) Not Measured 2 Gbps Performance IPS
Throughput (Media Rich) Not Applicable 1.3 Gbps 4X Firewall
Throughput VPN Throughput 425 Mbps 700 Mbps Increased IPS, VPN
Throughput Connections (Max) 600,000 1,000,000 Connections per
second 36,000 50,000 Hardware VLANs 400 500 Multi-core instead of
Single-core Security Contexts (Incl/Max) 2/100 2/100 CPUs High
Availability & VPN Yes Yes 4X Memory Clustering IPS, VPN,
next-gen Dedicated Management port Services VPN only services*
Expansion I/O now available Site-2-Site/IPSec IKEv1 Client Sessions
5000 5000 /AnyConnect/Clientless VPN Services Sessions IPS does not
require hardware Integrated Network I/O 8 GE + 1 FE 8 GE module
Dedicated Management port No Yes (GE) Not Available 6-port GE CU ,
Next-gen services ready Expansion IO 6-port GE SFP CPU Single-Core
Multi-Core RAM 4 GB 16 GB Redundant Power No Yes* Content Security
Service to be made available as Scansafe-connector on ASA;Next-Gen
services can be added without requiring additional hardware
module
Licensing ChangesASA Licensing New Feature IPS Module A new
licensing feature was introduced to enable the use of the IPS
Software Module. Traffic destined to IPS will be dropped by ASA if
this license is not enabled AND fail- close is configured. IPS
Signature Update license is required on top of the above license.
All other license features remain unchanged and are based on ASA
8.4.2 software.
Enabling IPS Service
ASA Management Model Dedicated Out-Of-Band management port M0/0
Failover & VLAN sub-interface features are not configurable on
M0/0 ASA and integrated IPS management are independent of each
other. Management model is similar to previous ASA/SSM appliances
ASA and IPS software module have separate management IP addresses
but share the same physical port M0/0 for outbound connectivity ASA
can log IPS modules console messages show module 1 log console ASA
configures and manages all external data ports
ASA and IPS Management Model (1/2) Similarities with SSM/SSP
ASA and IPS are managed very similar to previous SSM/SSP
deployments. ASA is used to recover, reload, shutdown, etc. IPS.
ASA is used to configure service-policies to pass traffic to IPS.
ASA and IPS have unique IP addresses for management purposes. ASDM,
IME, and IDM behave the same.
ASA and IPS Management Model (2/2) Differences with SSM/SSP ASA
and IPS share the only dedicated management port on the box. IPS
must use the dedicated management port. However, ASA can use any
port on the box to manage the system. When ASA and IPS are sharing
the dedicated management port then the IP address for ASA and IPS
should be within the same subnet. The IPS image stored on the
embedded flash is used to recover the software module instead of
downloading the image over the SSM/SSP dedicated management
port.
Management Software SupportASDM 6.6.1.14 and above7.2.1 IME
Software andabove
Cisco Security Manager 4.3 Unified and comprehensive Firewall,
VPN and IPS management Upcoming ReleaseDevice View Policy View
Event View Map View Saleen H/W support 2006 Cisco Systems, Inc. All
rights reserved. Cisco Confidential Presentation_ID 3
Sample BOMs (Firewall + IPS + Options) Ordering Tip: With IPS,
always start with ASAxxx-IPS-K9
Sample BOMs (Firewall + IPS + Options) Ordering Tip: With IPS,
always start with ASAxxx-IPS-K9
IPS 43xx Series Mid-Range Appliances
IPS 43xx Back Panel Single I/O Expansion slot 4360: Dual
Power-Supply Single I/O Expansion slot USB Ports 8x 1GbE ports
Single Mgmt Port (numbered left-to-right) Serial Console Port
IPS 43xx Platform Matrix
Hardware Comparison with IPS 4240,IPS 4255 and IPS 4260
High-Performance and Resiliencyfeatures on IPS 43xx Series
SMP-enabled Kernel 64-bit architecture Environment Monitoring
Jumbo-Frame support Flow Control support Hardware Regex Accelerator
support for IPS string-XL engine
IPS Software IPS SSP module are based on 7.1(4) release
Platform support for new hardware Based on ASA 5585-X line of code
Supports existing E4 Engine Update Supports all latest Signature
Updates Sig S615 is bundled with Saleen images. 7.1.4 IDM version
included with the IPS image. 7.2.1 IME version provides full
support. CSM support with version 4.3 IPS 7.1(4) version supports
all X platforms (including 5585-X) Additional CFD bug fixes and a
few serviceability enhancements also included in this version.
