Manualshelf

Datasheet

ManualsBrandsCisco Manualscomputer componentsASA-IC-6GE-CU-C=
12345678910
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 16
The advanced application-layer security and content security defenses provided by these firewalls can be
extended by deploying the high-performance intrusion prevention and worm mitigation capabilities of the
Advanced Inspection and Prevention Security Services Module (AIP SSM) or the comprehensive malware
protection of the Content Security and Control Security Services Module (CSC SSM). Using these optional security
context capabilities, businesses can deploy up to 100 virtual firewalls within a physical appliance to enable
compartmentalized control of security policies on a departmental level. This virtualization strengthens security and
reduces overall management and support costs while consolidating multiple security devices into a single
appliance.
Table 1 compares the features and capacities of the Cisco ASA 5500 and ASA 5500-X Series Next-Generation
Firewalls for the Internet Edge.
Table 1. Cisco ASA 5500 and ASA 5500-X Series Next-Generation Firewalls for the Internet Edge
Feature Cisco ASA 5520 Cisco ASA
5525-X
Cisco ASA 5540 Cisco ASA
5545-X
Cisco ASA 5550 Cisco ASA
5555-X
Stateful
Inspection
Throughput
(Maximum
2
)
Up to 450 Mbps 2 Gbps Up to 650 Mbps 3 Gbps Up to 1.2 Gbps 4 Gbps
Stateful
Inspection
Throughput
(Multiprotocol
3
)
- 1 Gbps - 1.5 Gbps - 2 Gbps
IPS Throughput
4
Up to 225
Mbps with AIP-
SSM-10
Up to 375
Mbps with AIP-
SSM-20
Up to 450
Mbps with AIP-
SSM-40
600 Mbps
Up to 500
Mbps with AIP-
SSM-20
Up to 650
Mbps with AIP-
SSM-40
900 Mbps
(extra
hardware not
required)
Not available
1.3 Gbps
(extra
hardware not
required)
Next-Generation
Throughput
5
(Multiprotocol)
- 650 Mbps - 1 Gbps - 1.4 Gbps
3DES/AES VPN
Throughput
6
Up to 225 Mbps 300 Mbps Up to 325 Mbps 400 Mbps Up to 425 Mbps 700 Mbps
Users/Nodes Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
Cisco Cloud Web
Security Users
300 500 1000 1500 2000 3000
IPsec VPN Peers 750 750 5000 2500 5000 5000
Premium
AnyConnect VPN
Peers
2/750 2/750 2/2500 2/2500 2/5000 2/5000
Concurrent
Connections
280,000 500,000 400,000 750,000 650,000 1,000,000
2
Maximum throughput measured with UDP traffic under ideal conditions.
3
Multiprotocol: Traffic profile consisting primarily of TCP-based protocols/applications, such as HTTP, SMTP, FTP, IMAPv4,
BitTorrent, and DNS.
4
Firewall traffic that does not go through the IPS service can have higher throughput.
5
Throughput was measured using ASA CX Software Release 9.1.1 with multiprotocol traffic profile with both AVC and WSE.
Traffic logging was enabled as well.
6
VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should
be taken into consideration as part of your capacity planning.