This post is about Cisco Firewalls. It aggregates available information from datasheets published by Cisco. The ASA in Cisco ASA stands for Adaptive Security Appliance. We suggest that you read the following two posts before continuing to read this post:

All Things about Firewall

Hardware Firewalls

Cisco ASA is a security device that combines firewall, antivirus, antispam, IDS/IPS engine, IPsec VPN, SSL VPN, anti-phishing, web filtering, and content inspection capabilities. All of these capabilities are available in ASA Gen2 models (Cisco ASA 5500 series); older models (Legacy ASA) may not have all of them.

The ASA 5500 series has the following models:

  • Cisco ASA 5505
  • Cisco ASA 5510
  • Cisco ASA 5520
  • Cisco ASA 5525-X
  • Cisco ASA 5540
  • Cisco ASA 5550
  • Cisco ASA 5580-20
  • Cisco ASA 5580-40

So in this post we will discuss the 5500 series. This article is a summary of information from the Cisco.com website. For more information, please refer to the Cisco ASA 5500 Series Adaptive Security Appliances Data Sheet.

 

 

ASA 5500 Series 

This series delivers a robust suite of highly integrated, market-leading security services for small and medium-sized businesses (SMBs), enterprises, and service providers. The Cisco ASA 5500 Series provides intelligent threat defense that stops attacks before they penetrate the network perimeter, controls network and application activity, and delivers secure remote access and site-to-site connectivity.

  • This Series offers businesses strong, adaptive protection from the fast-evolving threat environment through its unique combination of hardware and software extensibility and its powerful Modular Policy Framework (MPF).
  • This series enables standardization on a single platform to reduce the overall operational cost of security. A common environment for configuration simplifies management and reduces training costs for staff, while the common hardware platform of the series reduces sparing costs.
  • The graphical Cisco Adaptive Security Device Manager (ASDM), a comprehensive command line interface (CLI), verbose syslog, and Simple Network Management Protocol (SNMP) support round out a rich complement of management options. Multi-unit deployments benefit greatly from Cisco Security Manager, a platform capable of managing distributed deployments of 5 to 5000 devices.
  • The performance and extensibility of the Cisco ASA 5500 Series enable businesses to rapidly deploy security services when and where they are needed, such as tailoring inspection techniques to specific application and user needs or adding intrusion prevention and content security services such as those delivered by the Adaptive Inspection and Prevention (AIP) and Content Security and Control (CSC) SSMs.
  • All Cisco ASA 5500 Series appliances include maximum IPsec VPN users on the base system; SSL VPN is licensed and purchased separately.

 

ASA 5505

This model is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments. This model has these features and capabilities:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network
  • Firewall Throughput: Up to 150 Mbps
  • Maximum Firewall and IPS Throughput: Up to 75 Mbps with AIP SSC-5
  • VPN Throughput: Up to 100 Mbps
  • Concurrent Sessions: 10,000 (25,000 with Security Plus license)
  • IPsec VPN Peers: 10 (25 with Security Plus license)
  • Ports: 8-port Fast Ethernet switch with dynamic port grouping (including 2 PoE ports)
  • Virtual Interfaces (VLANs): 3 (no trunking support) / 20 (with trunking support with Security Plus license)
  • High Availability: Not supported (stateless Active/Standby and redundant ISP support with Security Plus license)

 

ASA 5510 

This model delivers advanced security and networking services for small and medium-sized businesses and enterprise remote/branch offices in an easy-to-deploy, cost-effective appliance. This model has these features and capabilities:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network
  • Firewall Throughput: Up to 300 Mbps
  • Maximum Firewall and IPS Throughput: Up to 150 Mbps with AIP SSM-10, and Up to 300 Mbps with AIP SSM-20
  • VPN Throughput: Up to 170 Mbps
  • Concurrent Sessions: 50,000 (130,000 with Security Plus license)
  • IPsec VPN Peers: 250
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, or 250
  • Security Contexts: Up to 5
  • Ports: 5 Fast Ethernet ports; 2 Gigabit Ethernet + 3 Fast Ethernet
  • Virtual Interfaces (VLANs): 50 (100 with Security Plus license)
  • Scalability: VPN clustering and load balancing
  • High Availability: Not supported (Active/Active and Active/Standby with Security Plus license)

 

ASA 5520 

This model delivers security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized enterprise networks in a modular, high-performance appliance. With four Gigabit Ethernet interfaces and support for up to 100 VLANs, businesses can easily deploy the Cisco ASA 5520 into multiple zones within their network.

This model has these features and capabilities:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network
  • Firewall Throughput: Up to 450 Mbps
  • Maximum Firewall and IPS Throughput: Up to 225 Mbps with AIP SSM-10, Up to 375 Mbps with AIP SSM-20, Up to 450 Mbps with AIP SSM-40
  • VPN Throughput: Up to 225 Mbps
  • Concurrent Sessions: 280,000
  • IPsec VPN Peers: 750
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, 250, 500, or 750
  • Security Contexts: Up to 20
  • Ports: 4 Gigabit Ethernet ports and 1 Fast Ethernet port
  • Virtual Interfaces (VLANs): 150
  • Scalability: VPN clustering and load balancing
  • High Availability: Active/Active, Active/Standby

 

ASA 5540 

This firewall delivers high-performance, high-density security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized and large enterprise and service-provider networks, in a reliable, modular appliance.

This model has these features and capabilities:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network
  • Firewall Throughput: Up to 650 Mbps
  • Maximum Firewall and IPS Throughput: Up to 500 Mbps with AIP SSM-20, Up to 650 Mbps with AIP SSM-40
  • VPN Throughput: Up to 325 Mbps
  • Concurrent Sessions: 400,000
  • IPsec VPN Peers: 5000
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, 250, 500, 750, 1000, and 2500
  • Security Contexts: Up to 50
  • Ports: 4 Gigabit Ethernet ports and 1 Fast Ethernet port
  • Virtual Interfaces (VLANs): 200
  • Scalability: VPN clustering and load balancing
  • High Availability: Active/Active, Active/Standby

 

 


ASA 5550 

This model delivers gigabit-class security services with Active/Active high availability and fiber and Gigabit Ethernet connectivity for large enterprise and service-provider networks in a reliable, 1-rack-unit form factor. The system provides a total of 12 Gigabit Ethernet ports, of which only 8 can be in service at any time. Businesses can choose between copper or fiber connectivity, providing flexibility for data center, campus, or enterprise edge connectivity.

This model has these features and capabilities:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network
  • Firewall Throughput: Up to 1.2 Gbps
  • VPN Throughput: Up to 425 Mbps
  • Concurrent Sessions: 650,000
  • IPsec VPN Peers: 5000
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, and 5000
  • Security Contexts: Up to 50
  • Ports: 8 Gigabit Ethernet ports, 4 SFP fiber ports, and 1 Fast Ethernet port
  • Virtual Interfaces (VLANs): 250
  • Scalability: VPN clustering and load balancing
  • High Availability: Active/Active, Active/Standby

 

ASA 5580 

This series is offered at two performance levels:

  1. Cisco ASA 5580-20 with 5 Gbps of real-world firewall performance
  2. Cisco ASA 5580-40 with 10 Gbps of real-world firewall performance

These firewalls deliver multigigabit security services for large enterprise, data center, and service-provider networks in a robust, 4-rack-unit form factor. The Cisco ASA 5580 accommodates high-density copper and optical interfaces with scalability from Fast Ethernet to 10 Gigabit Ethernet, enabling unparalleled security and deployment flexibility.

Both levels have these features:

  • Minimizing operations costs for businesses
  • Supporting Cisco IP phones and voice over IP (VoIP) capabilities
  • Supporting external wireless access points
  • Supporting DMZ network

ASA 5580-20 has these features and capabilities:

  • Firewall Throughput: 5 Gbps (real-world HTTP), 10 Gbps (jumbo frames)
  • VPN Throughput: 1 Gbps
  • Concurrent Sessions: 1,000,000
  • IPsec VPN Peers: 10,000
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000
  • Concurrent Connections: 1,000,000
  • Security Contexts: Up to 50
  • Ports: 2 Gigabit Ethernet management
  • Interface Card Slots: 6
  • Interface Card Options: 4-port 10/100/1000, RJ45; 4-port Gigabit Ethernet fiber, SR, LC; 2-port 10 Gigabit Ethernet fiber, SR, LC
  • Virtual Interfaces (VLANs): 100
  • Scalability: VPN clustering and load balancing
  • High Availability: Active/Active, Active/Standby
  • Redundant Power: Supported, second power supply optional

ASA 5580-40 has these features and capabilities:

  • Firewall Throughput: 10 Gbps (real-world HTTP), 20 Gbps (jumbo frames)
  • VPN Throughput: 1 Gbps
  • Concurrent Sessions: 2,000,000
  • IPsec VPN Peers: 10,000
  • SSL VPN Peer License Levels: 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000
  • Concurrent Connections: 2,000,000
  • Security Contexts: Up to 50
  • Ports: 2 Gigabit Ethernet management
  • Interface Card Slots: 6
  • Interface Card Options: 4-port 10/100/1000, RJ45; 4-port Gigabit Ethernet fiber, SR, LC; 2-port 10 Gigabit Ethernet fiber, SR, LC
  • Virtual Interfaces (VLANs): 100
  • Scalability: VPN clustering and load balancing
  • High Availability: Active/Active, Active/Standby
  • Redundant Power: Supported, second power supply optional

 

 


 

What Is a Security Context?

A security context is a virtual firewall. Each context has its own set of rules and default policies. Security Contexts are sold in quantities of 5, 10, 20, 50, and 100 and cannot be stacked.

 

 

—————————–

Source:

This article is a summary of information from the Cisco.com website.

For more information, please refer to the Cisco ASA 5500 Series Adaptive Security Appliances Data Sheet.

 

 
