Quick Guide to Cisco ASA Models
One of the most (if not the most) important parts of a modern network is the hardware and software used to secure it. There was a time (many years ago) when devices on the Internet could be rather complacent about their security without worrying about the constant threat of attack; those days are long over. On the modern Internet, anybody who connects has to be aware of the risks that come with the connection and must be prepared for the possibility of attack at any time. Of course, the most visible targets (e.g. big public companies) are the ones that are attacked the most, but that does not mean a small business with very little national or international visibility can ignore the threat. This article takes a look at some of the capabilities that have been included in the Cisco ASA platform and briefly reviews the current ASA models.
Cisco has been one of the leaders in network security for some time, and the development of its Adaptive Security Appliance (ASA) line of devices has placed it firmly in the pack of good network security options for both small and large businesses.
The backbone of any network security appliance is a firewall; a firewall is used to control which traffic is allowed into and out of a specific network. At the heart of the ASA is a world-class (application-aware) firewall that was built on the very successful line of PIX security appliances. This firewall is tightly integrated with an Intrusion Prevention System (IPS) and with support for a variety of Virtual Private Network (VPN) technologies.
Another advantage that exists with the ASA is the wide range of capable models for almost any potential implementation type.
5505, 5510, 5512-X and 5515-X
The 5505, 5510, 5512-X and 5515-X models are focused on the small office and branch office locations. These models offer up to 1.2 Gigabits per second of inspected throughput, up to 250,000 concurrent sessions and up to 15,000 connections per second as well as support for IPS and VPN capabilities.
5520, 5525-X, 5540, 5545-X, 5550 and 5555-X
The 5520, 5525-X, 5540, 5545-X, 5550 and 5555-X models are focused on devices that sit at the Internet edge of an organization. These models support up to 4 Gigabits per second of inspected throughput, up to 1,000,000 concurrent sessions, up to 50,000 connections per second and up to 1.1 million packets a second of forwarding potential. This performance is backed by extended support for an IPS and many different types of VPNs.
5585-X and ASA Services Module
The 5585-X and ASA Services Module (for a Catalyst 6500) are used in large-scale enterprise and data center deployments. These are the top of the line in terms of performance. These models support up to 10 Gigabits per second of inspected throughput, up to 10,000,000 concurrent sessions, up to 350,000 connections per second and up to 9 million packets a second of forwarding potential. Support for different features depends on the model, but remember that these devices are intended to be placed in a central location, which commonly is not where features like VPNs are terminated.
The ASA models are certainly a good option when selecting a security appliance for almost all possible situations and should be considered along with all of the various options on the market today.