Thursday, June 13, 2013

Cisco Adaptive Security Appliances: Which One is Right for You?

While your security needs may be many and complex, the key to meeting them is to choose the right combination of Cisco Adaptive Security Appliances (ASAs) for your network. This white paper takes a high-level look at the various models in the 5500-series of ASAs and their features. It also digs deeper into common security needs to help you decide which Cisco ASA security appliance is right for your network.

Are you trying to decide if Cisco's line of Adaptive Security Appliances (ASA) would make your networking infrastructure as secure as you've been wishing for? Or do you need to implement new security features to enrich your networking design? The goal of this white paper is to introduce you to the different models within the 5500-series family of Cisco ASAs and give you an idea of how each would best be used. This guide will also give a brief overview of the licensing considerations for each of the models discussed.

The specific model of Cisco ASA that you need largely depends on the size of your business. Cisco classifies the models within the 5500-series as either "Mid-range" or "High-end." The mid-range includes the 5505, 5510, 5520, 5540, and 5550 models, while the high-end includes the 5580 and 5585-X models. The higher the model number, the greater the throughput and capacity.

All appliances within the 5500-series family include management support via the Adaptive Security Device Manager (ASDM), which is a robust Graphical User Interface (GUI) environment accessible either via a web browser, or installable on your desktop, if using a Windows operating system. Let's look at each of the models and discuss how each one would be best suited for use in a production environment.

Cisco 5505

While this model is on the low end of the 5500-series family, it certainly doesn't pull any punches. Designed for the Small Office/Home Office (SOHO) and Remote Office/Branch Office (ROBO) environments, this appliance is well-suited as a small- to medium-sized network firewall device. It is also a very popular Easy VPN client, although it can also serve as the Easy VPN server, when needed. This model is easily managed via the integrated Adaptive Security Device Manager (ASDM), which is a very robust graphical user interface (GUI) environment that can be accessed via a web browser or a desktop shortcut (available on Windows operating systems only).

This model includes an 8-port 10/100 Layer 2 switch designed to use VLANs to segregate traffic, as opposed to the Layer 3 interfaces used by all of the higher models. With this firewall, you would typically configure the first port as your "outside" port on VLAN 2 and leave the other ports as "inside" ports on VLAN 1 (default VLAN assignment). This model even includes the 7th and 8th ports as Power over Ethernet (PoE) ports for use with IP phones or wireless access points (WAPs).

Cisco 5510

The Cisco 5510 model is designed for small- to medium-sized businesses, as well as for enterprise remote and branch offices. Like the 5505, this model is also licensed with either a Base or Security Plus option. Being the first true "modular" appliance in the 5500-series family, the 5510 model includes optional Security Services Module (SSM) support and five built-in 10/100/1000 auto-sensing Gigabit Ethernet ports. This device also supports both IPsec and SSL VPN capabilities.

Beginning with this model, multiple security contexts are supported. Security contexts are a way of having multiple "virtual" firewall instances without having to purchase additional appliances. The 5510 includes 2 security contexts with the Security Plus license and supports up to a total of 5 contexts, with a separate dedicated context license.

Cisco 5520/5540

The 5520 member of the Cisco ASA family introduces a different licensing model. Beginning with the 5520, the ASAs have a Base license with optional additional licensing support for various features. These appliances include 4 Gigabit Ethernet interfaces and full support for both IPsec and SSL VPNs, providing enhanced support for many types of remote connections, including remote/branch offices, SOHO and telecommuters, as well as strategic partners.

Cisco 5550

This model comes equipped with a built-in 4-port Gigabit Ethernet SSM module. This module includes four 10/100/1000 Gigabit Ethernet copper ports and four Gigabit Ethernet fiber SFP (Small Form-factor Pluggable) ports. Even though there are eight ports on this module, only four can be used at the same time. Effectively, each copper and fiber port maps to the same interface. Therefore, if the first two copper ports are used, the first two fiber ports cannot be used. This module, combined with the existing four 10/100/1000 Gigabit Ethernet ports built into the 5550 chassis, gives a total of eight possible Gigabit Ethernet ports. As with the 5510, 5520, and 5540, this module continues support for extensive SSL and IPsec VPN connections.

