Managed Firewall Services - Cisco ASA 5500 Series
SSL/IPsec VPN Edition
|
The Cisco® ASA 5500 Series Adaptive Security
Appliance is a purpose-built platform that combines
best-in-class security and VPN services for small and
medium-sized business (SMB) and enterprise
applications. The Cisco ASA 5500 Series enables
customization for specific deployment environments and
options, with special product editions for SSL/IPsec
VPN, Firewall, Content Security, and Intrusion
Prevention.
The Cisco ASA 5500 Series SSL/IPsec VPN Edition enables
organizations to gain the connectivity and cost
benefits of Internet transport without compromising the
integrity of corporate security policies. By converging
Secure Sockets Layer (SSL) and IP Security (IPsec) VPN
services with comprehensive threat defense
technologies, the Cisco ASA 5500 Series delivers highly
customizable network access tailored to the
requirements of diverse deployment environments while
providing advanced endpoint and network-level security
(Figure 1).
Figure 1. Customizable VPN Services for any
Deployment Scenario |
|
Cisco ASA 5500 Series SSL/IPSEC VPN Edition
|
The Cisco ASA 5500 Series SSL/IPsec VPN Edition
offers flexible VPN technologies for any connectivity
scenario, with scalability up to 5000 concurrent
users per device. It provides easy-to-manage,
full-tunnel network access through SSL, Datagram
Transport Layer Security (DTLS), IPsec VPN client
technologies, advanced clientless SSL VPN
capabilities, and network-aware site-to-site VPN
connectivity, enabling secure connections across
public networks to mobile users, remote sites,
contractors, and business partners. Costs associated
with VPN deployment and operations are reduced by
eliminating ancillary equipment required to scale and
secure a VPN.
Benefits of the Cisco ASA 5500 Series SSL/IPsec
VPN Edition include: Network
remote access
User connectivity
Superior clientless network
access
Network-aware Site-to-Site
VPNs
Threat-protected VPN
Cost-effective VPN deployment and
operations
Scalability and
resiliency
Customizable Remote-Access VPN Features
Find out more about the Cisco remote-access VPN
features by clicking on the links in the table
below:
|
Threat-Protected VPN Features
The Cisco ASA 5500
Series SSL/IPsec VPN Edition provides advanced security for
VPN deployments through its integrated network and endpoint
security technologies. Securing the VPN is necessary to
ensure it prevents network attacks such as worms, viruses,
spyware, keyloggers, Trojan horses, rootkits, or hacking.
Detailed application and access control policy helps ensure
that individuals and groups of users have access only to
the applications and network services to which they are
entitled (Figure 2).
Figure 2. Threat-Protected VPN Services Use Onboard
Security to Protect Against VPN Threats
Network Security at the VPN Gateway
Worms, viruses,
application-embedded attacks, and application abuse are
among the greatest security challenges in today's networks.
Remote access and remote-office VPN connectivity are common
points of entry for such threats due to limited security
capabilities on VPN devices. VPNs are often deployed
without proper inspection and threat mitigation applied at
the tunnel termination point at the headquarters location,
which allows malware from remote offices or users to
infiltrate the network and spread. With the converged
threat mitigation capabilities of the Cisco ASA 5500
Series, customers can detect malware and stop it before it
enters the network interior. For application-embedded
attacks, such as spyware or adware spread through
file-sharing peer-to-peer networks, the Cisco ASA 5500
Series deeply examines application traffic to identify a
dangerous payload and drops its contents before it reaches
its target and causes damage. The table below lists some
VPN gateway security features provided by the Cisco ASA
5500 Series.
Cisco ASA 5500 Series Platform OverviewThe
Cisco ASA 5500 Series delivers site-specific
scalability, from small offices to enterprise
headquarter locations, through its five models: 5505,
5510, 5520, 5540, and 5550 (Figure 3). Models 5510
and up share a common chassis, built with a
foundation of concurrent services scalability,
investment protection, and future technology
extensibility. The table below lists the
specifications of the Cisco ASA 5500 Series
models.
Figure 3. The Cisco ASA 5500 Series
|
|
Specifications of Cisco ASA 5500
Series Adaptive Security Appliances:
|
| Platform |
|
Cisco ASA 5505 |
Cisco ASA 5510 |
Cisco ASA 5520 |
Cisco ASA 5540 |
Cisco ASA 5550 |
| Maximum VPN Throughput |
100 Mbps |
170 Mbps |
225 Mbps |
325 Mbps |
425 Mbps |
| Maximum Concurrent SSL VPN
Sessions |
25 |
250 |
750 |
2500 |
5000 |
| Maximum Concurrent IPsec VPN
Sessions |
25 |
250 |
750 |
2500 |
5000 |
| Interfaces |
Eight 10/100 copper Ethernet ports with dynamic
port grouping. Includes two Power over Ethernet (PoE)
ports, three USB ports |
Five 10/100 copper Ethernet ports, two USB
ports |
Four 10/100/1000 copper Ethernet ports, one
out-of-band management port, two USB ports |
Four 10/100/1000 copper Ethernet ports, one
out-of-band management port, two USB ports |
Eight Gigabit Ethernet ports, four small form
factor-pluggable (SFP) fiber ports, one Fast Ethernet
port |
| Profile |
Desktop |
1-RU |
1-RU |
1-RU |
1-RU |
| Stateful Failover |
No |
Licensed feature |
Yes |
Yes |
Yes |
| VPN load Balancing |
No |
Licensed feature |
Yes |
Yes |
Yes |
| Devices include a
license for two SSL VPN users for evaluation and remote
management purposes. The total concurrent IPsec and SSL
(clientless and tunnel-based) VPN sessions may not
exceed the maximum concurrent IPsec session count shown
in the chart. The SSL VPN session number may also not
exceed the number of licensed sessions on the device.
2Upgrade is available with Cisco ASA 5510 Security Plus
license. |
