Data Sheet
Page 1
... flexible, secure connectivity options. All rights reserved. Page 1 of the Cisco Adaptive Threat Defense and flexible All contents are purpose-built solutions that stops attacks before they spread through user-installable security services modules (SSMs), advance the evolution of existing services as well as a key component of the Cisco Self-Defending Network, the Cisco ASA 5500 Series provides proactive threat defense that combine best-of-breed security and VPN services with multiple devices in...
... flexible, secure connectivity options. All rights reserved. Page 1 of the Cisco Adaptive Threat Defense and flexible All contents are purpose-built solutions that stops attacks before they spread through user-installable security services modules (SSMs), advance the evolution of existing services as well as a key component of the Cisco Self-Defending Network, the Cisco ASA 5500 Series provides proactive threat defense that combine best-of-breed security and VPN services with multiple devices in...
Data Sheet
Page 2
... over use of applications and protocols in a data center, for legitimate business applications. ANTI-X DEFENSES The Cisco ASA 5500 Series provides advanced, high-performance protection against network and application layer attacks, denial-of 20 Advanced Detection Techniques To help ensure that help enable accurate mitigation of security and VPN technologies to help ensure that helps ensure appropriate mitigation actions are taken with the extensive detection techniques are available for stopping...
... over use of applications and protocols in a data center, for legitimate business applications. ANTI-X DEFENSES The Cisco ASA 5500 Series provides advanced, high-performance protection against network and application layer attacks, denial-of 20 Advanced Detection Techniques To help ensure that help enable accurate mitigation of security and VPN technologies to help ensure that helps ensure appropriate mitigation actions are taken with the extensive detection techniques are available for stopping...
Data Sheet
Page 3
... through real-time modeling of worm behavior, including correlation of the corporate security policy. Remote-Access VPN The Cisco ASA 5500 Series offers flexible technologies that deliver tailored solutions to suit connectivity requirements, providing employees' company-managed desktops with the wide range of security services offered by combining robust site-to-site VPN support with "auto-update" capabilities that help ensure that the appropriate priority and bandwidth restrictions are applied to specific network traffic...
... through real-time modeling of worm behavior, including correlation of the corporate security policy. Remote-Access VPN The Cisco ASA 5500 Series offers flexible technologies that deliver tailored solutions to suit connectivity requirements, providing employees' company-managed desktops with the wide range of security services offered by combining robust site-to-site VPN support with "auto-update" capabilities that help ensure that the appropriate priority and bandwidth restrictions are applied to specific network traffic...
Data Sheet
Page 4
... Cisco ASA 5500 Series brings a new level of a single Cisco ASA 5500 Series appliance into multiple virtual firewalls, each with both stateful Active/Active and Active/Standby high-availability services, as well as VPN device clustering, to help enable secure, high-speed communications between multiple locations, offering the performance, reliability, and availability that tailor security needs to application requirements while providing performance and security service extensibility through highly customizable flow-specific security policies that...
... Cisco ASA 5500 Series brings a new level of a single Cisco ASA 5500 Series appliance into multiple virtual firewalls, each with both stateful Active/Active and Active/Standby high-availability services, as well as VPN device clustering, to help enable secure, high-speed communications between multiple locations, offering the performance, reliability, and availability that tailor security needs to application requirements while providing performance and security service extensibility through highly customizable flow-specific security policies that...
Data Sheet
Page 5
... allows security services to be deployed as an "all-in support of configuration, monitoring, and troubleshooting methods, giving businesses flexibility to use the methods that define what specific services are applied to -site IPSec and SSL remote-access VPN capabilities. Cisco Adaptive Identification and Mitigation Architecture Using the powerful policy framework offered by the Cisco ASA 5500 Series, administrators can orchestrate detailed policies that best meet their needs. By enabling the selection...
... allows security services to be deployed as an "all-in support of configuration, monitoring, and troubleshooting methods, giving businesses flexibility to use the methods that define what specific services are applied to -site IPSec and SSL remote-access VPN capabilities. Cisco Adaptive Identification and Mitigation Architecture Using the powerful policy framework offered by the Cisco ASA 5500 Series, administrators can orchestrate detailed policies that best meet their needs. By enabling the selection...
Data Sheet
Page 6
... and real-time syslog viewer, provide vital device and network health status and event monitoring at a glance. Intelligent setup and VPN wizards provide easy integration into any software (other than a standard Web browser and Java Plug-In) to CiscoWorks VPN/Security Management Solution (VMS) 2.3. Important notices, privacy statements, and trademarks of security policies and object groups • "Touchless" software image management for remote Cisco ASA 5500 Series appliances • Support for complex, multi-vendor networks. All rights...
... and real-time syslog viewer, provide vital device and network health status and event monitoring at a glance. Intelligent setup and VPN wizards provide easy integration into any software (other than a standard Web browser and Java Plug-In) to CiscoWorks VPN/Security Management Solution (VMS) 2.3. Important notices, privacy statements, and trademarks of security policies and object groups • "Touchless" software image management for remote Cisco ASA 5500 Series appliances • Support for complex, multi-vendor networks. All rights...
Data Sheet
Page 7
... Control Message Protocol (ICMP), SQL*Net, Network File System (NFS), H.323 Versions 1-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Media Gateway Control Protocol (MGCP), Real-Time Streaming Protocol (RTSP), Telephony Application Programming Interface (TAPI) and Java Telephony Application Programming Interface (JTAPI) over Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol, GPRS Tunneling Protocol (GTP), Lightweight Directory Access Protocol (LDAP), Internet Locator Service (ILS), Sun Remote...
... Control Message Protocol (ICMP), SQL*Net, Network File System (NFS), H.323 Versions 1-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Media Gateway Control Protocol (MGCP), Real-Time Streaming Protocol (RTSP), Telephony Application Programming Interface (TAPI) and Java Telephony Application Programming Interface (JTAPI) over Computer Telephony Interface Quick Buffer Encoding (CTIQBE) protocol, GPRS Tunneling Protocol (GTP), Lightweight Directory Access Protocol (LDAP), Internet Locator Service (ILS), Sun Remote...
Data Sheet
Page 8
... Microsoft Windows Messenger, while delivering advanced services such as call forwarding, call agents or media gateway controllers • Delivers NAT-based address translation services for RTSP media streams for improved support in real-time networking environments • Supports inspection of attacks in both routed or Layer 2 © 2005 Cisco Systems, Inc. and JTAPI-based applications that use CTIQBE, including Cisco IP SoftPhone and the Cisco Customer Response solution • Enables inspection...
... Microsoft Windows Messenger, while delivering advanced services such as call forwarding, call agents or media gateway controllers • Delivers NAT-based address translation services for RTSP media streams for improved support in real-time networking environments • Supports inspection of attacks in both routed or Layer 2 © 2005 Cisco Systems, Inc. and JTAPI-based applications that use CTIQBE, including Cisco IP SoftPhone and the Cisco Customer Response solution • Enables inspection...
Data Sheet
Page 9
... devices, networks, and services) into logical groups to greatly simplify access control rule definition and maintenance • Provides rich dynamic, static, and policy-based NAT and PAT services • Simplifies deployment of Cisco ASA 5500 Series appliances by network traffic attempting to traverse a security appliance • Gives precise control over protocols, and provides custom regular expression matching tools for businesses to craft environment-specific signatures • Uses auto-update capability to download...
... devices, networks, and services) into logical groups to greatly simplify access control rule definition and maintenance • Provides rich dynamic, static, and policy-based NAT and PAT services • Simplifies deployment of Cisco ASA 5500 Series appliances by network traffic attempting to traverse a security appliance • Gives precise control over protocols, and provides custom regular expression matching tools for businesses to craft environment-specific signatures • Uses auto-update capability to download...
Data Sheet
Page 10
...Cisco Easy VPN Remote-enabled solutions (such as the Cisco VPN Client) upon connection, eliminating the need to manage each client separately and therefore helping ensure enforcement of the latest corporate VPN security policies • Performs VPN client security posture checks when a VPN connection attempt is received, including enforcing usage of authorized host-based security products (such as the Cisco Security Agent) • Provides administrators precise control over low-bandwidth connections Cisco VPN Client • Includes a free unlimited license for up to the Cisco ASA 5500...
...Cisco Easy VPN Remote-enabled solutions (such as the Cisco VPN Client) upon connection, eliminating the need to manage each client separately and therefore helping ensure enforcement of the latest corporate VPN security policies • Performs VPN client security posture checks when a VPN connection attempt is received, including enforcing usage of authorized host-based security products (such as the Cisco Security Agent) • Provides administrators precise control over low-bandwidth connections Cisco VPN Client • Includes a free unlimited license for up to the Cisco ASA 5500...
Data Sheet
Page 11
... administrative domains • Supports four licensed levels of security contexts: 5, 10, 20, and 50 (the maximum number of multiple security contexts (virtual firewalls) within a single Cisco ASA 5500 Series appliance, with key sizes ranging up to 5000 simultaneous remotely connected sites (on Cisco ASA 5540 appliances that are configured as a failover pair continuously synchronize their connection state and device configuration data. Page 11 of Cisco Systems, Inc. Feature Site-to-Site VPN Services Benefit • Extends networks securely over...
... administrative domains • Supports four licensed levels of security contexts: 5, 10, 20, and 50 (the maximum number of multiple security contexts (virtual firewalls) within a single Cisco ASA 5500 Series appliance, with key sizes ranging up to 5000 simultaneous remotely connected sites (on Cisco ASA 5540 appliances that are configured as a failover pair continuously synchronize their connection state and device configuration data. Page 11 of Cisco Systems, Inc. Feature Site-to-Site VPN Services Benefit • Extends networks securely over...
Data Sheet
Page 12
... a Cisco ASA 5500 Series appliance in a secure Layer 2 bridging mode, providing rich Layer 2-7 firewall security services for the protected network while remaining "invisible" to devices on each side of it • Simplifies Cisco ASA 5500 Series appliance deployments in existing network environments by not requiring businesses to readdress the protected networks • Supports creation of Layer 2 security perimeters by enforcing administrator-defined Ethertype-based access control policies for Layer 2 network traffic VLAN-Based Virtual Interfaces...
... a Cisco ASA 5500 Series appliance in a secure Layer 2 bridging mode, providing rich Layer 2-7 firewall security services for the protected network while remaining "invisible" to devices on each side of it • Simplifies Cisco ASA 5500 Series appliance deployments in existing network environments by not requiring businesses to readdress the protected networks • Supports creation of Layer 2 security perimeters by enforcing administrator-defined Ethertype-based access control policies for Layer 2 network traffic VLAN-Based Virtual Interfaces...
Data Sheet
Page 13
...-time, and historical reports that give critical insight into VPN connections with detailed per-tunnel statistics, including tunnel uptime, bytes and packets transferred, and more Authentication, Authorization, and Accounting (AAA) Services • Enables the strong authentication of users through the Cisco ASA 5500 Series appliances through a local user database or through integration with enterprise databases, either directly using TACACS+ and RADIUS or indirectly with Cisco Secure Access Control Server (ACS) • Supports...
...-time, and historical reports that give critical insight into VPN connections with detailed per-tunnel statistics, including tunnel uptime, bytes and packets transferred, and more Authentication, Authorization, and Accounting (AAA) Services • Enables the strong authentication of users through the Cisco ASA 5500 Series appliances through a local user database or through integration with enterprise databases, either directly using TACACS+ and RADIUS or indirectly with Cisco Secure Access Control Server (ACS) • Supports...
Data Sheet
Page 14
...) basis, etc. Feature Licenses Security Context Licenses The Cisco ASA 5520 and 5540 can support up to 10 and 50 security contexts, respectively, where each interface of the Cisco ASA 5500 Series appliance • Supports several methods of accessing captured packets, including through the console, secure Web access, or a file exported to a TFTP server Extended ICMP Ping Services SMTP E-Mail Alerts • Delivers useful troubleshooting methods through support for IPv6 addresses and extended ICMP options, including data pattern, Don't Fragment...
...) basis, etc. Feature Licenses Security Context Licenses The Cisco ASA 5520 and 5540 can support up to 10 and 50 security contexts, respectively, where each interface of the Cisco ASA 5500 Series appliance • Supports several methods of accessing captured packets, including through the console, secure Web access, or a file exported to a TFTP server Extended ICMP Ping Services SMTP E-Mail Alerts • Delivers useful troubleshooting methods through support for IPv6 addresses and extended ICMP options, including data pattern, Don't Fragment...
Data Sheet
Page 15
... enabling the fourth Fast Ethernet port and removing the restriction on compatibility between Cisco ASA 5500 Series appliances and VPN clients, VPN products, and certain cryptographic standards. © 2005 Cisco Systems, Inc. With a VPN Plus license, businesses quadruple the platform base VPN capacity to support up to 150 concurrent VPN connections from mobile users, remote sites, and business partners. This license type and related feature set are available, including 5, 10, 20, and 50 security contexts. Cisco ASA...
... enabling the fourth Fast Ethernet port and removing the restriction on compatibility between Cisco ASA 5500 Series appliances and VPN clients, VPN products, and certain cryptographic standards. © 2005 Cisco Systems, Inc. With a VPN Plus license, businesses quadruple the platform base VPN capacity to support up to 150 concurrent VPN connections from mobile users, remote sites, and business partners. This license type and related feature set are available, including 5, 10, 20, and 50 security contexts. Cisco ASA...
Data Sheet
Page 16
... and VPN Products Versions Supported Cisco ASA Software Version 7.0(1) and later Cisco IOS Software Release 12.1(6)T and later Cisco PIX Security Appliance Software Version 6.0(1) and later Cisco VPN 3000 Series Concentrator Software Version 3.0 and later VPN Gateway Cisco ASA 5500 Series Appliances Cisco IOS Software Routers Cisco PIX Security Appliances Cisco VPN 3000 Series Concentrators Cryptographic Standards Supported Cisco ASA 5500 Series appliances support numerous cryptographic standards and related third-party products and services (Table 4). All rights reserved. Important notices...
... and VPN Products Versions Supported Cisco ASA Software Version 7.0(1) and later Cisco IOS Software Release 12.1(6)T and later Cisco PIX Security Appliance Software Version 6.0(1) and later Cisco VPN 3000 Series Concentrator Software Version 3.0 and later VPN Gateway Cisco ASA 5500 Series Appliances Cisco IOS Software Routers Cisco PIX Security Appliances Cisco VPN 3000 Series Concentrators Cryptographic Standards Supported Cisco ASA 5500 Series appliances support numerous cryptographic standards and related third-party products and services (Table 4). All rights reserved. Important notices...
Data Sheet
Page 17
...= ASA5500-SC-20= ASA5500-SC-50= ASA5500-SC-5-10= ASA5500-SC-10-20= ASA5500-SC-20-50= Product Name Cisco ASA 5500 Series 5 Security Contexts license Cisco ASA 5500 Series 10 Security Contexts license Cisco ASA 5500 Series 20 Security Contexts license Cisco ASA 5500 Series 50 Security Contexts license Cisco ASA 5500 Series 5 to 10 Security Contexts license upgrade Cisco ASA 5500 Series 10 to 20 Security Contexts license upgrade Cisco ASA 5500 Series 20 to Table 6. can be found on cisco.com. Table 6. Cryptographic Standard Hash Algorithms Key Lengths and Hash Sizes Supported • Message...
...= ASA5500-SC-20= ASA5500-SC-50= ASA5500-SC-5-10= ASA5500-SC-10-20= ASA5500-SC-20-50= Product Name Cisco ASA 5500 Series 5 Security Contexts license Cisco ASA 5500 Series 10 Security Contexts license Cisco ASA 5500 Series 20 Security Contexts license Cisco ASA 5500 Series 50 Security Contexts license Cisco ASA 5500 Series 5 to 10 Security Contexts license upgrade Cisco ASA 5500 Series 10 to 20 Security Contexts license upgrade Cisco ASA 5500 Series 20 to Table 6. can be found on cisco.com. Table 6. Cryptographic Standard Hash Algorithms Key Lengths and Hash Sizes Supported • Message...
Data Sheet
Page 18
...customer success. can be found on cisco.com. Software Images for IPS. Cisco services help you protect your network investment, optimize network operations, and prepare your network for services specific to download Cisco ASA Software (Table 7). for new applications to extend network intelligence and the power of services programs to Cisco Technical Support Services and Cisco Advanced Services; Product Name Cisco ASA 5500 Series GTP/GPRS Inspection license Cisco ASA 5510 Adaptive Security Appliance Security Plus license Cisco ASA 5520 Adaptive Security Appliance VPN Plus license...
...customer success. can be found on cisco.com. Software Images for IPS. Cisco services help you protect your network investment, optimize network operations, and prepare your network for services specific to download Cisco ASA Software (Table 7). for new applications to extend network intelligence and the power of services programs to Cisco Technical Support Services and Cisco Advanced Services; Product Name Cisco ASA 5500 Series GTP/GPRS Inspection license Cisco ASA 5510 Adaptive Security Appliance Security Plus license Cisco ASA 5520 Adaptive Security Appliance VPN Plus license...
Data Sheet
Page 19
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc. All rights reserved. and/or its affiliates in the United States and certain other trademarks mentioned in this document or Website are listed on cisco.com. 205226.G_ETMG_KM_6.05 Important Printed in the following countries and regions. Corporate Headquarters Cisco Systems...
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc. All rights reserved. and/or its affiliates in the United States and certain other trademarks mentioned in this document or Website are listed on cisco.com. 205226.G_ETMG_KM_6.05 Important Printed in the following countries and regions. Corporate Headquarters Cisco Systems...
Data Sheet
Page 20
Page 20 of Cisco Systems, Inc. can be found on cisco.com. All rights reserved. Important notices, privacy statements, and trademarks of 20 © 2005 Cisco Systems, Inc.
Page 20 of Cisco Systems, Inc. can be found on cisco.com. All rights reserved. Important notices, privacy statements, and trademarks of 20 © 2005 Cisco Systems, Inc.