Firewall Network Security - Cisco ASA 5500 Series SSL/IPsec VPN Edition



The Cisco® ASA 5500 Series Adaptive Security Appliance is a purpose-built platform that combines best-in-class security and VPN services for small and medium-sized business (SMB) and enterprise applications. The Cisco ASA 5500 Series enables customization for specific deployment environments and options, with special product editions for SSL/IPsec VPN, Firewall Network Security, Content Security, and Intrusion Prevention.
The Cisco ASA 5500 Series SSL/IPsec VPN Edition enables organizations to gain the connectivity and cost benefits of Internet transport without compromising the integrity of corporate security policies. By converging Secure Sockets Layer (SSL) and an IP Security (IPsec) VPN service with comprehensive threat defense technologies, the Cisco VPN client delivers highly customizable network access tailored to the requirements of diverse deployment environments while providing advanced endpoint and network-level security (Figure 1).
Figure 1. A Customizable VPN Service for any Deployment Scenario
firewall network security

Cisco ASA 5500 Series SSL/IPSEC VPN Edition

The Cisco ASA 5500 Series SSL/IPsec VPN Edition offers flexible VPN technologies for any connectivity scenario, with scalability up to 5000 concurrent users per device. It provides easy-to-manage, full-tunnel network access through SSL, Datagram Transport Layer Security (DTLS), IPsec VPN client technologies, advanced clientless SSL VPN capabilities, and network-aware site-to-site VPN connectivity, enabling secure connections across public networks to mobile users, remote sites, contractors, and business partners. Costs associated with VPN deployment and operations are reduced by eliminating ancillary equipment required to scale and secure a VPN.

Benefits of the Cisco ASA 5500 Series SSL/IPsec VPN Edition include:

firewall network security Network remote access
cisco vpn client User connectivity
vpn service Superior clientless network access
firewall network security Network-aware Site-to-Site VPNs
vpn service Threat-protected VPN
cisco vpn client Cost-effective VPN service and operations
firewall network security Scalability and resiliency

Customizable Remote-Access VPN Features


Find out more about the Cisco VPN client remote-access features by clicking on the links in the table below:
Feature   Included
Cisco AnyConnect VPN Client Features
Optimised Network Access
firewall network security
Broad Operating System Support vpn service
cisco vpn client
Deployment and Connection Options firewall network security
cisco vpn client
Ease of Client Administration firewall network security
vpn service
Consistent User Experience firewall network security
firewall network security
Advanced IP Network Connectivity firewall network security
firewall network security
Clientless Network Access
Broad, Reliable Compatibility
firewall network security
Integrated Clientless Application Optimisation
firewall network security
Customisable User Experience
firewall network security
Fully Clientless Citrix Access
firewall network security
Integrated Client/Server Application Support
firewall network security
Support for Common Thick-Client Applications
firewall network security
Broad Browser Support
firewall network security
Advanced IP Network Connectivity
firewall network security
Comprehensive Authentication and Authorisation Choices
Authentication Options
firewall network security
Sophisticated Authorisation
vpn service
Single Sign On (SSO) for Clientless SSL VPN Users
cisco vpn client

Threat-Protected VPN Service

The Cisco ASA 5500 Series SSL/IPsec VPN Edition provides advanced security for VPN deployments through its integrated network and endpoint security technologies. Securing the VPN is necessary to ensure it prevents network attacks such as worms, viruses, spyware, keyloggers, Trojan horses, rootkits, or hacking. Detailed application and access control policy helps ensure that individuals and groups of users have access only to the applications and network services to which they are entitled (Figure 2).
Figure 2. Threat-Protected VPN Services Use Onboard Security to Protect Against VPN Threats
firewall network security

Network Security at the VPN Gateway

Worms, viruses, application-embedded attacks, and application abuse are among the greatest security challenges in today's networks. Remote access and remote-office VPN connectivity are common points of entry for such threats due to limited security capabilities on VPN devices. VPNs are often deployed without proper inspection and threat mitigation applied at the tunnel termination point at the headquarters location, which allows malware from remote offices or users to infiltrate the network and spread. With the converged threat mitigation capabilities of the Cisco ASA 5500 Series, customers can detect malware and stop it before it enters the network interior. For application-embedded attacks, such as spyware or adware spread through file-sharing peer-to-peer networks, the Cisco ASA 5500 Series deeply examines application traffic to identify a dangerous payload and drops its contents before it reaches its target and causes damage. The table below lists some VPN gateway security features provided by the Cisco VPN Client.
Feature   Included
Network Security at the VPN Gateway
Extensive Malware Mitigation
firewall network security
Application-Aware Firewall and Access Control firewall network security
firewall network security
Intrusion Prevention firewall network security
firewall network security
Access Restrictions firewall network security
firewall network security
Virtual LAN (VLAN) Mapping firewall network security
firewall network security
Comprehensive Endpoint Security for SSL VPN
Pre-Connection Posture Assessment
firewall network security
Pre-Connection Asset Assessment
firewall network security
Comprehensive Session Protection
firewall network security
End-of-Session Data Cleanup
firewall network security
Keystroke Logger Detection
firewall network security
Available with Guest Permissions
firewall network security
Advanced Endpoint Assessment License
firewall network security
Network-Aware Site-to-Site VPN Features
QoS-Enabled
firewall network security
Network-Aware Routing
firewall network security
VPN Cost-Effectiveness Through Platform Integration
Network and Endpoint Security
firewall network security
Load Balancing
firewall network security

Firewall Network Security: Cisco ASA 5500 Series Platform Overview

The Cisco ASA 5500 Series delivers site-specific scalability, from small offices to enterprise headquarter locations, through its five models: 5505, 5510, 5520, 5540, and 5550 (Figure 3). Models 5510 and up share a common chassis, built with a foundation of concurrent services scalability, investment protection, and future technology extensibility. The table below lists the specifications of the Cisco ASA 5500 Series models.
Figure 3. The Cisco ASA 5500 Series
firewall network security
Specifications of Cisco ASA 5500 Series Adaptive Security Appliances:
Platform   Cisco ASA 5505 Cisco ASA 5510 Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550
Maximum VPN Throughput 100 Mbps 170 Mbps 225 Mbps 325 Mbps 425 Mbps
Maximum Concurrent SSL VPN Sessions 25 250 750 2500 5000
Maximum Concurrent IPsec VPN Sessions 25 250 750 2500 5000
Interfaces Eight 10/100 copper Ethernet ports with dynamic port grouping. Includes two Power over Ethernet (PoE) ports, three USB ports Five 10/100 copper Ethernet ports, two USB ports Four 10/100/1000 copper Ethernet ports, one out-of-band management port, two USB ports Four 10/100/1000 copper Ethernet ports, one out-of-band management port, two USB ports Eight Gigabit Ethernet ports, four small form factor-pluggable (SFP) fiber ports, one Fast Ethernet port
Profile Desktop 1-RU 1-RU 1-RU 1-RU
Stateful Failover No Licensed feature Yes Yes Yes
VPN load Balancing No Licensed feature Yes Yes Yes
Devices include a license for two SSL VPN users for evaluation and remote management purposes. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. The SSL VPN session number may also not exceed the number of licensed sessions on the device. 2Upgrade is available with Cisco ASA 5510 Security Plus license.



 

Protect your business with CCS Leeds Firewall Network Security