
ASA55xx Series

Cisco's series of Adaptive Security Appliances

Bryley Systems Inc.


Business Technology Solutions Since 1987
Agenda
Default Capabilities
Models
Optional Capabilities
ASA Capabilities
Stateful/Deep Packet Inspection Firewall
IPSec VPN Endpoint
SSL VPN Endpoint
Virtualization
Anti-X
Intrusion Prevention
Firewall
Default firewall rules
Outbound traffic is allowed unless otherwise specified
Inbound traffic is denied unless otherwise specified
Stateful packet inspection ensures that responses to outbound traffic match outgoing requests
ASA Firewall
ASA assigns a security level to each interface
inside is 100, outside (Internet) is 0, DMZ is typically assigned 50
Default rules allow free flow from a higher security level to a lower security level
NAT/PAT
Allows for more servers with fewer public IPs
Deep packet inspection
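
The default behaviour on the two firewall slides above, as a small model. This is an added example, not Cisco code and not how the ASA is implemented; the class name, the permit-rule tuple format and all addresses are assumptions constructed for illustration, and only the three security levels come from the slide.

```python
# Teaching model of the default policy on the firewall slides (constructed).
SECURITY_LEVELS = {"inside": 100, "dmz": 50, "outside": 0}  # values from the slide


class DefaultPolicyModel:
    def __init__(self, levels=SECURITY_LEVELS, permits=()):
        self.levels = dict(levels)
        # "Unless otherwise specified": explicit permits as
        # (src_if, dst_if, dst_ip, dst_port) tuples (hypothetical rule format).
        self.permits = set(permits)
        self.connections = set()  # state table of flows that were allowed to open

    def new_connection(self, src_if, dst_if, src, sport, dst, dport):
        """Allow a new flow from higher to lower level, or by explicit permit."""
        higher_to_lower = self.levels[src_if] > self.levels[dst_if]
        permitted = (src_if, dst_if, dst, dport) in self.permits
        if higher_to_lower or permitted:
            self.connections.add((src, sport, dst, dport))
            return True
        return False

    def reply(self, src, sport, dst, dport):
        """A reply passes only if it mirrors a flow in the state table."""
        return (dst, dport, src, sport) in self.connections


def demo():
    # Constructed sample: one published HTTPS server in the DMZ.
    fw = DefaultPolicyModel(permits=[("outside", "dmz", "192.0.2.10", 443)])
    client, remote = "10.0.0.5", "198.51.100.7"
    return {
        "inside_to_outside": fw.new_connection("inside", "outside", client, 50000, remote, 443),
        "matching_reply": fw.reply(remote, 443, client, 50000),
        "unsolicited_reply": fw.reply(remote, 443, client, 50001),
        "outside_to_inside": fw.new_connection("outside", "inside", remote, 40000, client, 22),
        "dmz_to_outside": fw.new_connection("dmz", "outside", "192.0.2.10", 41000, remote, 80),
        "dmz_to_inside": fw.new_connection("dmz", "inside", "192.0.2.10", 41001, client, 445),
        "outside_to_dmz_443": fw.new_connection("outside", "dmz", remote, 40001, "192.0.2.10", 443),
        "outside_to_dmz_22": fw.new_connection("outside", "dmz", remote, 40002, "192.0.2.10", 22),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22} {'allow' if allowed else 'deny'}")
```

The DMZ rows show why the middle level matters: a published server can be reached from outside on its one permitted port, but a flow it tries to open toward the inside is denied by default.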
IPSec VPN
Used for LAN-to-LAN connections
Workstation clients for Windows, Macintosh, Linux
Maximum connections depends on model
No additional licenses required
EasyVPN
Simplified configuration
Inbound connections only
SSL VPN
No pre-installed client - connect with web browser
Licensed by simultaneous connections (2 connections permitted for testing)
Clientless connection
Simplest configuration
Limited to web applications
Some client-server applications are SSL VPN aware
SSL VPN
Cisco AnyConnect VPN client
Downloaded on-the-fly
Full network access (if desired)
Windows/Macintosh/Linux
May not function if user rights on client computer are limited
IPSec vs SSL
IPSec | SSL
Workstation configuration required | Browser-based from any computer
Administrator can configure VPN then restrict user access | Limited access if user does not have right to install applications
Access as if client machine on LAN | Need to use web applications to ensure access
Has pre-shared key in addition to user password | Vulnerable to password compromise
No additional cost | Extra cost feature
ASA Models
ASA550x - SOHO/Telecommuter
ASA551x, ASA552x, ASA554x - Main Office, Integrated Protection
ASA555x - Large enterprise
ASA558x - Datacenter/ISP
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
ASA550x Base License
10/50/Unlimited internal devices
10 Simultaneous VPNs
8 10/100 Ethernet ports assigned to VLANs
2 Power over Ethernet
3 VLANs
One VLAN must be isolated from communicating with one of the others.
ASA550x Telecommuter setup
ASA550x Security Plus
25 Simultaneous VPNs
Ports must be assigned to one of three interfaces, up to 20 trunked VLANs permitted
Communications between interfaces restricted by standard firewall rules
Failover to backup ISP for outbound access
ASA551x Base License
250 Simultaneous VPNs
3 10/100 Ethernet ports - Firewall interfaces
1 10/100 Ethernet port - Management only
Up to 50 Trunked VLANs
SSM Slot for Content Filter or Intrusion Prevention Module
ASA551x Security Plus License
250 Simultaneous VPNs
3 10/100 Ethernet ports
2 10/100/1000 Ethernet ports
Up to 100 Trunked VLANs
SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
2 included/5 maximum Security Contexts
ASA552x
750 Simultaneous VPNs
1 10/100 Ethernet port
4 10/100/1000 Ethernet ports
Up to 150 Trunked VLANs
SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
2 included/20 maximum Security Contexts
ASA554x
5000 Simultaneous VPNs (2500 SSL)
1 10/100 Ethernet port
4 10/100/1000 Ethernet ports
Up to 200 Trunked VLANs
SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
2 included/50 maximum Security Contexts
ASA555x
5000 Simultaneous VPNs
1 10/100 Ethernet port
4 10/100/1000 Ethernet ports
4 ports selectable 1000T/SFP Fiber ports
Up to 250 Trunked VLANs
No SSM Slot
2 included/50 maximum Security Contexts
Content Security and Control Module
Standard License
Anti-virus
Anti-Spyware
File blocking
Plus License adds
Anti-SPAM
URL Filter
E-mail content control
Content Security and Control Module
CSC-SSM-10
50/100/250/500 users
ASA5510 and ASA5520
CSC-SSM-20
750/1000 users
ASA5510, ASA5520, ASA5540
Subscription required for updates
Advanced Intrusion Prevention
Compares every packet against a signature database
Alerting or automatic blocking
Update subscription required