Cisco Adaptive Security Appliances
The Cisco ASA family of security devices protects corporate networks of all sizes. It provides users with highly secure access to data – anytime, anywhere, using any device. These devices represent more than 15 years of proven firewall and network security leadership, with more than 1 million security appliances deployed throughout the world.
Features and Capabilities
Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors – standalone appliances, blades, and virtual. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.
Among its benefits, Cisco ASA Software:
- Offers integrated IPS, VPN, and Unified Communications capabilities
- Helps organizations increase capacity and improve performance through clustering
- Delivers high availability for high resiliency applications
- Provides context awareness with Cisco TrustSec security group tags and Identity-Based Firewall
- Facilitates dynamic routing and site-to-site VPN on a per-context basis
Cisco ASA software supports next-generation encryption standards, including the Suite B set of cryptographic algorithms. It also integrates with Cisco Cloud Web Security to provide web-based threat protection.
In computer networking, Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is Cisco’s line of network security devices introduced in May 2005, that succeeded three existing lines of popular Cisco products:
- Cisco PIX, which provided firewall and network address translation (NAT) functions ended sale on 28 July 2008.[2]
- Cisco IPS 4200 Series, which worked as intrusion prevention systems (IPS).
- Cisco VPN 3000 Series Concentrators, which provided virtual private networking (VPN).
The ASA is a unified threat management device, combining several network security functions in one box.
The ASA software is based on Linux. It runs a single Executable and Linkable Format program called lina. This schedules processes internally rather than using the Linux facilities. In the boot sequence a boot loader called ROMMON starts, loads a Linux kernel, which then loads the lina_monitor, which then loads lina. The ROMMON also has a command line that can be used to load or select other software images and configurations. The names of firmware files includes a version indicaotr, -smp means it is for a symmetrical multiprocessor (and 64 bit architecture), and different parts also indicate if 3DES or AES is supported or not.
The ASA software has a similar interface to the Cisco IOS software on routers. There is a command line interface (CLI) that can be used to query operate or configure the device. In config mode the configuration statements are entered. The configuration is initially in memory as a running-config but would normally be saved to flash memory.
Software Versions: Cisco Adaptive Security Appliances (ASA)
| major release | 7.0 | 7.1 | 7.2 | 8.0 | 8.1 | 8.2 | 8.3 |
| released | 31 May 2005 | 6 Feb 2006 | 31 May 2006 | 18 Jun 2007 | 1 Mar 2008 | 6 May 2009 | 8 Mar 2010 |
| end of life | × | × | × | × | × | × | × |
| for 5505-5550 | Y | Y | Y | Y | Y | ||
| for 5512-5585-X |
| major release | 8.4 | 8.5 | 8.6 | 8.7 | 9.0 | 9.1 | 9.2 |
| released | 31 Jan 2011 | 8 Jul 2011 | 28 Feb 2012 | 16 Oct 2012 | 29 Oct 2012 | 3 Dec 2012 | 24 Apr 2014 |
| end of life | × | × | × | × | × | ||
| for 5505-5550 | Y | Y | Y | Y | |||
| for 5512-5585-X | Y | Y | Y | Y | Y |
| major release | 9.3 | 9.4 | 9.5 | 9.6 | 9.7 | 9.8 | 9.9 |
| released | 24 Jul 2014 | 30 Mar 2015 | 12 Aug 2015 | 21 Mar 2016 | 4 Apr 2017 | 15 May 2017 | 4 Dec 2017 |
| end of life | × | × | |||||
| for 5505-5550 | |||||||
| for 5512-5585-X | Y | Y | Y | Y | Y | Y | Y |
Options
The 5512-X, 5515-X, 5525-X, 5545-X and 5555-X can have an extra interface card added.
The 5585-X has options for SSP. SSP stands for security services processor.These range in processing power by a factor of 10, from SSP-10 SSP-20, SSP-40 and SSP-60. The ASA 5585-X has a slot for an I/O module. This slot can be subdivided into two half width modules.
On the low end models, some features are limited, and uncrippling happens with installation of a Security Plus License. This enables more VLANs, or VPN peers, and also high availability. Cisco AnyConnect is an extra licensable feature which operates IPSec or SSL tunnels to clients on PCs, iPhones or iPads.
Models
The 5505 introduced in 2010 was a desktop unit designed for small enterprises or branch offices. It included features to reduce the need for other equipment, such as an inbuilt switch, and power over Ethernet ports. The 5585-X is a higher powered unit for datacenters introduced in 2010.It runs in 32 bit mode on an Intel architecture Atom chip.
Cisco determined that most of the low end devices had too little capacity to include the features needed, such as anti-virus, or sandboxing, and so introduced a new line called next generation firewall. These run in 64 bit mode.
| Model | 5505 | 5510 | 5520 | 5540 | 5550 | 5580-20 | 5580-40 |
| Cleartext throughput, Mbit/s | 150 | 300 | 450 | 650 | 1,200 | 5,000 | 10,000 |
| AES/Triple DES throughput, Mbit/s | 100 | 170 | 225 | 325 | 425 | 1,000 | 1,000 |
| Max simultaneous connections | 10,000 (25,000 with Sec Plus License) | 50,000 (130,000 with Sec Plus License) | 280,000 | 400,000 | 650,000 | 1,000,000 | 2,000,000 |
| Max site-to-site and remote access VPN sessions | 10 (25 with Sec Plus License) | 250 | 750 | 5,000 | 5,000 | 10,000 | 10,000 |
| Max number of SSL VPN user sessions | 25 | 250 | 750 | 2,500 | 5,000 | 10,000 | 10,000 |
| Model | 5505 | 5510 | 5520 | 5540 | 5550 | 5580-20 | 5580-40 |
|
Model | 5585-X SSP10 | 5585-X SSP20 | 5585-X SSP40 | 5585-X SSP60 |
| Cleartext throughput, Mbit/s | 3,000 | 7,000 | 12,000 | 20,000 |
| AES/Triple DES throughput, Mbit/s | 1,000 | 2,000 | 3,000 | 5,000 |
| Max simultaneous connections | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 |
| Max site-to-site and remote access VPN sessions | 5,000 | 10,000 | 10,000 | 10,000 |
| Max number of SSL VPN user sessions | 5,000 | 10,000 | 10,000 | 10,000 |
| Model | 5585-X SSP10 | 5585-X SSP20 | 5585-X SSP40 | 5585-X SSP60 |
Models as of 2018
| Model | 5506-X | 5506W-X | 5506H-X | 5508 |
| Throughput | 0.25 | 0.25 | 0.25 | 0.45 |
| GB ports | 8 | 8 | 4 | 8 |
| Ten GB ports | 0 | 0 | 0 | 0 |
| Form factor | desktop | desktop | desktop | desktop |
| Model | 5512-X | 5515-X | 5516-X | 5525-X | 5545-X | 5555-X | 5585-X |
| Throughput | 0.3 | 0.5 | 0.85 | 1.1 | 1.5 | 1.75 | 4-40 |
| GB ports | 6 | 6 | 8 | 8 | 8 | 8 | 6-8 |
| Ten GB ports | 0 | 0 | 0 | 0 | 0 | 0 | 2-4 |
| Form factor | 1 RU | 1 RU | 1 RU | 1RU | 1RU | 1RU | 2RU |
Reference Links: Cisco Adaptive Security Appliances (ASA)
https://sanchitgurukul.com/tutorials-cat
