The document summarizes Cisco's ASA55xx series of Adaptive Security Appliances. It describes the default capabilities of firewall, IPSec VPN, and SSL VPN. It then covers the various models including the ASA550x for SOHO use, ASA551x for main offices, and high-end ASA555x. Optional capabilities discussed include the Content Security and Control module for anti-virus, URL filtering, and other features.
Original Description:
cisco asa firewall
Original Title
power point Ciscoasafirewalls 150611150244 Lva1 App6892
The document summarizes Cisco's ASA55xx series of Adaptive Security Appliances. It describes the default capabilities of firewall, IPSec VPN, and SSL VPN. It then covers the various models including the ASA550x for SOHO use, ASA551x for main offices, and high-end ASA555x. Optional capabilities discussed include the Content Security and Control module for anti-virus, URL filtering, and other features.
The document summarizes Cisco's ASA55xx series of Adaptive Security Appliances. It describes the default capabilities of firewall, IPSec VPN, and SSL VPN. It then covers the various models including the ASA550x for SOHO use, ASA551x for main offices, and high-end ASA555x. Optional capabilities discussed include the Content Security and Control module for anti-virus, URL filtering, and other features.
Business Technology Solutions Since 1987 Agenda Default Capabilities Models Optional Capabilities ASA Capabilities Stateful/Deep Packet Inspection Firewall IPSec VPN Endpoint SSL VPN Endpoint Virtualization Anti-X Intrusion Prevention Firewall Default firewall rules Outbound traffic is allowed unless otherwise specified Inbound traffic is denied unless otherwise specified Stateful packet inspection ensures that responses to outbound traffic match outgoing requests ASA Firewall ASA assigns a security level to each interface inside is 100, outside (Interent) is 0, DMZ is typically assigned 50 Default rules allow free flow from higher security level to lower security 0 level NAT/PAT Allows for more servers with fewer public Ips Deep packet inspection IPSec VPN Used for LAN-to-LAN connections Workstation clients for Windows, Macintosh, Linux Maximum connections depends on model No additional licenses required EasyVPN Simplified configuration Inbound connections only SSL VPN No pre-installed client connect with web browser Licensed by simultaneous connections (2 connections permitted for testing) Clientless connection Simplest configuration Limited to web applications Some client-server applications are SSL VPN aware SSL VPN Cisco AnyConnect VPN client Downloaded on-the-fly Full network access (if desired) Windows/Macintosh/Linux May not function of user rights on client computer limited IPSec vs SSL IPSec SSL Workstation configuration Browser-based from any required computer Administrator can configure Limited access if user does VPN then restrict user not have right to install access applications Access as if client machine Need to use web applictions on LAN to ensure access Has pre-shared key in Vulnerable to password addition to user password compromise No additional cost Extra cost feature ASA Models ASA550x - SOHO/Telecommuter ASA551x Main Office, Integrated ASA552x Protection ASA554x ASA555x - Large enterprise ASA558x - Datacenter/ISP http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html ASA550x Base License 10/50/Unlimited internal devices 10 Simultaneous VPNs 8 10/100 Ethernet ports assigned to VLANs 2 Power over Ethernet 3 VLANs One VLAN must be isolated from communicating with one of the others. ASA550x Telecommuter setup ASA550x Security Plus 25 Simultaneous VPNs Ports must be assigned to one of three interfaces, up to 20 trunked VLANs permitted Communications between interfaces restriced by standard firewall rules Failover to backup ISP for outbound access ASA551x Base License 250 Simultaneous VPNs 3 10/100 Ethernet ports Firewall interfaces 1 10/100 Ethernet port Management only Up to 50 Trunked VLANs SSM Slot for Content Filter or Intrusion Prevention Module ASA551x Security Plus License 250 Simultaneous VPNs 3 10/100 Ethernet ports 2 10/100/1000 Ethernet ports Up to 100 Trunked VLANs SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module 2 included/5 maximum Security Contexts ASA552x 750 Simultaneous VPNs 1 10/100 Ethernet port 4 10/100/1000 Ethernet ports Up to 150 Trunked VLANs SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module 2 included/20 maximum Security Contexts ASA554x 5000 Simultaneous VPNs (2500 SSL) 1 10/100 Ethernet port 4 10/100/1000 Ethernet ports Up to 200 Trunked VLANs SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module 2 included/50 maximum Security Contexts ASA555x 5000 Simultaneous VPNs 1 10/100 Ethernet port 4 10/100/1000 Ethernet ports 4 ports selectable 1000T/SFP Fiber ports Up to 250 Trunked VLANs No SSM Slot 2 included/50 maximum Security Contexts Content Security and Control Module Standard License Anti-virus Anti-Spyware File blocking Plus License adds Anti-SPAM URL Filter E-mail content control Content Security and Control Module CSC-SSM-10 50/100/250/500 users ASA5510 and ASA5520 CSC-SSM-20 750/1000 users ASA5510 , ASA5520, ASA5540 Subscription required for updates Advanced Intrusion Prevention Compares every packet against a signature database Alerting or automatic blocking Update subscription required