Cisco ASA 5500 Series SSL/IPsec VPN Edition
| | (Cisco ASA 5500 Series SSL/IPsec VPN Edition) PDF
Delivering Safe, Secure, and Flexible Remote Network Access to Any Location
Today's remote-access VPN deployments require the ability to safely and easily extend corporate network access beyond managed desktops to different users, devices, and endpoints. The Cisco® ASA 5500 Series SSL/IPsec VPN Edition (also known as the Cisco Secure Remote Access solution) enables organizations to securely provide network access to a broad array of users, including mobile and fixed endpoints, remote offices, contractors, and business partners.
Supporting a wide range of deployment and application environments, the Cisco Secure Remote Access solution delivers maximum value to your organization with the most comprehensive set of Secure Socket Layer (SSL) and IP security (IPsec) Virtual Private Network (VPN) features, performance, and scalability in the industry. Cisco Secure Remote Access also provides organizations with the ability to use a powerful combination of multiple market-proven firewall, intrusion prevention (IPS), and content security technologies on a single unified platform.
Industry-Leading Remote-Access Technology for Your Organization
With inclusive support for unrestricted full-network access, as well as controlled access to select web-based applications and network resources, Cisco Secure Remote Access provides the flexibility required for any VPN deployment (Figure 1). The solution is easy to deploy and simple to use, offering both client and clientless options. It solves the unique challenges associated with diverse user groups and endpoints accessing the enterprise network, by offering granular access controls, depending on the user or endpoint, and robust endpoint security that maintains the integrity of confidential information.
|
| | | Figure 1. Customizable SSL VPN and IPsec Services for Any Deployment Scenario
| | | Cisco ASA 5500 Series SSL VPN: Profile and Benefits
Deployment flexibility: Extends the appropriate SSL VPN technology, either clientless or full-network access, on a per-session basis, depending on the user group or endpoint accessing the network.
Comprehensive network access: Broad application and network resource access is provided through the Cisco AnyConnect VPN Client, an automatically downloadable network-tunneling client that provides access to virtually any application or resource.
Optimized network performance: The Cisco AnyConnect VPN Client provides an optimized VPN connection for latency-sensitive traffic, such as voice over IP (VoIP) traffic or TCP-based application access.
Ubiquitous clientless access: Delivers secure remote access to authenticated users on both managed and unmanaged endpoints, enabling increased productivity by providing "anytime access" to the network.
Granular control: Empowers network and IT management with additional tools to provide controlled access to corporate network resources and applications.
Unparalleled management flexibility: Simplifies the complexity of managing diverse remote-access connectivity requirements common in today's enterprise.
Low total cost of ownership: Reduces expensive help-desk calls associated with network connectivity issues and eliminates the administration costs of managing VPN client software on every endpoint. | | | Combined Technologies for Enhanced Capabilities: SSL and IPsec VPN in One Platform
In addition to the SSL VPN features, users can also take advantage of Cisco's award-winning IPsec VPN technology. By offering converged SSL and IPsec VPN technologies on one platform, Cisco Secure Remote Access delivers a highly customizable one-box solution for diverse VPN deployment environments, eliminating the cost of deploying parallel remote-access solutions.
Cisco ASA 5500 Product Family
The Cisco ASA 5500 Series delivers site-specific scalability from the smallest business and small office/home office (SOHO) deployments to the largest enterprise networks with its seven models: the 5505, 5510, 5520, 5540, 5550, 5580-20, and 5580-40 (Figure 2). Each model is built with concurrent services scalability, investment protection, and future technology extensibility as its foundation. Table 1 lists the specifications of the Cisco ASA 5500 Series models.
Figure 2. Cisco ASA 5500 Series Products
| | | | | Table 1. Specifications of Cisco ASA 5500 Series Adaptive Security Appliance Models | | | | Platform | Cisco ASA 5505 | Cisco ASA 5510 | Cisco ASA 5520 | Cisco ASA 5540 | Cisco ASA 5550 | Cisco ASA
5580-20 | Cisco ASA 5580-40 | | Maximum VPN throughput | 100 Mbps | 170 Mbps | 225 Mbps | 325 Mbps | 425 Mbps | 1 Gbps | 1 Gbps | | Maximum concurrent SSL VPN sessions | 25 | 250 | 750 | 2500 | 5000 | 10,000 | 10,000 | | Maximum concurrent IPsec VPN sessions | 25 | 250 | 750 | 5000 | 5000 | 10,000 | 10,000 | | Interfaces | Eight 10/100 copper Ethernet ports with dynamic port grouping. Includes two Power over Ethernet (PoE) ports, three USB ports | Three 10/100/1000 copper Ethernet ports, one out-of-band management port, two USB ports | Four 10/100/1000 copper Ethernet ports, one out-of-band management port, two USB ports | Four 10/100/1000 copper Ethernet ports, one out-of-band management port, two USB ports | Eight Gigabit Ethernet ports, four small form factor-pluggable (SFP) fiber ports, one Fast Ethernet port | Two USB ports, two RJ-45 management ports, two Gigabit Ethernet management ports.
With interface expansion cards:
- Up to twelve 10Gigabit Ethernet (10GE) ports.
- Up to twenty-four Gigabit Ethernet ports.
- Up to twenty-four 10/100/1000 Ethernet ports.
| Two USB ports, two RJ-45 management ports, two Gigabit Ethernet management ports.
With interface expansion cards:
- Up to twelve 10GE ports
- Up to twenty-four Gigabit Ethernet ports
- Up to twenty-four 10/100/1000 Ethernet ports
| | Profile | Desktop | 1-RU | 1-RU | 1-RU | 1-RU | 4-RU | 4-RU | | Stateful failover | No | Licensed feature | Yes | Yes | Yes | Yes | Yes | | VPN load balancing | No | Licensed feature | Yes | Yes | Yes | Yes | Yes | | Shared VPN License Option | No | Yes | Yes | Yes | Yes | Yes | Yes |
| | | 1 Devices include a license for two SSL VPN users for evaluation and remote management purposes. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. The SSL VPN session number may also not exceed the number of licensed sessions on the device. The ASA 5580 supports greater simultaneous users than the ASA 5550 at comparable overall SSL VPN throughput to the ASA 5550. These items should be taken in to consideration as part of your capacity planning.
2 Upgrade is available with Cisco ASA 5510 Security Plus license. |
| | | Ordering Information
Tables 2 and 3 provide a subset of ordering information for Cisco AnyConnect Premium SSL VPN Edition Bundles and AnyConnect Essentials. Premium licenses may be purchased for either single devices or for a shared environment.
All Cisco ASA 5500 Series appliances include the maximum number of IPsec concurrent users in the base configuration of the chassis. Every Cisco ASA 5500 Series model can support SSL VPN through the purchase of an SSL VPN license. SSL VPN on the Cisco ASA 5500 Series may be purchased under a single part number as an edition bundle, or the chassis and SSL VPN feature license may be purchased separately, as indicated in Table 3. To place an order, email lynn@redlegg.com
| | | | | Table 2. Ordering Information for Premium Bundles (Single Device) | | | SSL VPN User Requirements | Premium VPN Bundles | Edition Bundle Part Number | | 10 SSL VPN users | Cisco ASA 5505 SSL/IPsec VPN Edition for 10 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5505-SSL10-K9 | | 25 SSL VPN users | Cisco ASA 5505 SSL/IPsec VPN Edition for 25 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5505-SSL25-K9 | | 50 SSL VPN users | Cisco ASA 5510 SSL/IPsec VPN Edition for 50 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5510-SSL50-K9 | | 100 SSL VPN users | Cisco ASA 5510 SSL/IPsec VPN Edition for 100 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5510-SSL100-K9 | | 250 SSL VPN users | Cisco ASA 5510 SSL/IPsec VPN Edition for 250 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5510-SSL250-K9 | | 500 SSL VPN users | Cisco ASA 5520 SSL/IPsec VPN Edition for 500 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5520-SSL500-K9 | | 1000 SSL VPN users | Cisco ASA 5540 SSL/IPsec VPN Edition for 1000 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5540-SSL1000-K9 | | 2500 SSL VPN users | Cisco ASA 5540 SSL/IPsec VPN Edition for 2500 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5540-SSL2500-K9 | | 2500 SSL VPN users | Cisco ASA 5550 SSL/IPsec VPN Edition for 2500 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5550-SSL2500-K9 | | 5000 SSL VPN users | Cisco ASA 5550 SSL/IPsec VPN Edition for 5000 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5550-SSL5000-K9 | | 10,000 SSL VPN users | Cisco ASA 5580-20 SSL/IPsec VPN Edition for 10,000 concurrent SSL VPN users (AnyConnect Premium-SSL VPN Edition) | ASA5580-20-10K-K9 |
| | | | |
| Table 3. Ordering Information for Individual (Single Device) Premium Licenses | | | SSL VPN User Requirements | Part Number | Cisco ASA 5505 | Cisco ASA 5510 | Cisco ASA 5520 | Cisco ASA 5540 | Cisco ASA 5550 | Cisco ASA 5580-20 | Cisco ASA 5580-40 | 10 SSL VPN users | ASA5500-SSL-10 | X | X | X | X | X | X | X | 25 SSL VPN users | ASA5500-SSL-25 | X | X | X | X | X | X | X | 50 SSL VPN users | ASA5500-SSL-50 | - | X | X | X | X | X | X | 100 SSL VPN users | ASA5500-SSL-100 | - | X | X | X | X | X | X | 250 SSL VPN users | ASA5500-SSL-250 | - | X | X | X | X | X | X | 500 SSL VPN users | ASA5500-SSL-500 | - | - | X | X | X | X | X | 750 SSL VPN users | ASA5500-SSL-750 | - | - | X | X | X | X | X | 1000 SSL VPN users | ASA5500-SSL-1000 | - | - | - | X | X | X | X | 2500 SSL VPN users | ASA5500-SSL-2500 | - | - | - | X | X | X | X | 5000 SSL VPN users | ASA5500-SSL-5000 | - | - | - | - | X | X | X | 10,000 SSL VPN users | ASA5500-SSL-10K | - | - | - | - | - | X | X |
| | | | |
| Table 4. Ordering information for AnyConnect Premium-SSL VPN Edition Shared Licenses (Shared License Server) | | | SSL VPN User Requirements | AnyConnect Premium-SSL VPN Edition Shared Licenses | Part Number | 500 SSL VPN users | Premium Shared VPN Server License-500 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-500= | 1000 SSL VPN users | Premium Shared VPN Server License-1,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-1000= | 2,500 SSL VPN users | Premium Shared VPN Server License-2,500 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-2500= | 5,000 SSL VPN users | Premium Shared VPN Server License-5,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-5000= | 7,500 SSL VPN users | Premium Shared VPN Server License-7,500 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-7500= | 10,000 SSL VPN users | Premium Shared VPN Server License-10,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-10K= | 20,000 SSL VPN users | Premium Shared VPN Server License-20,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-20K= | 30,000 SSL VPN users | Premium Shared VPN Server License-30,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-30K= | 40,000 SSL VPN users | Premium Shared VPN Server License-40,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-40K= | 50,000 SSL VPN users | Premium Shared VPN Server License-50,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-50K= | 100,000 SSL VPN users | Premium Shared VPN Server License-100,000 shared seats (AnyConnect Premium-SSL VPN Edition) | ASA-VPNS-100K= |
| | | | |
| Table 5. Ordering Information for AnyConnect Premium-SSL VPN Edition Shared Licenses (Participant) | | | SSL VPN User Requirements | Premium VPN Bundles | Edition Bundle Part Number | ASA 5510
(250 simultaneous) | Premium Shared VPN Participant License-ASA 5510 (AnyConnect Premium-SSL VPN Edition) | ASA-VPNP-5510= | ASA 5520
(750 simultaneous) | Premium Shared VPN Participant License-ASA 5520 (AnyConnect Premium-SSL VPN Edition) | ASA-VPNP-5520= | ASA 5540
(2500 simultaneous) | Premium Shared VPN Participant License-ASA 5540 (AnyConnect Premium-SSL VPN Edition) | ASA-VPNP-5540= | ASA 5550
(5000 simultaneous) | Premium Shared VPN Participant License-ASA 5550 (AnyConnect Premium-SSL VPN Edition) | ASA-VPNP-5550= | ASA 5580
(10,000 simultaneous) | Premium Shared VPN Participant License-ASA 5580 (AnyConnect Premium-SSL VPN Edition) | ASA-VPNP-5580= |
| | | | |
| Table 6. Ordering Information for AnyConnect Essentials Spares (Requires Cisco ASA Software Release 8.2 and Later) | | | AnyConnect Essentials Platform / Users | AnyConnect Essentials VPN Spares | Part Numbers | ASA 5505
(25 simultaneous) | AnyConnect Essentials VPN license-25 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5505= | ASA 5510
(250 simultaneous) | AnyConnect Essentials VPN license-250 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5510= | ASA 5520
(750 simultaneous) | AnyConnect Essentials VPN license-750 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5520= | ASA 5540
(2500 simultaneous) | AnyConnect Essentials VPN license-2,500 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5540= | ASA 5550
(5000 simultaneous) | AnyConnect Essentials VPN license-5,000 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5550= | ASA 5580
(10,000 simultaneous) | AnyConnect Essentials VPN license-10,000 concurrent AnyConnect VPN Essentials users | ASA-AC-E-5580= |
| | | | |
| Electronic License Delivery (eDelivery) Most licenses are available for electronic delivery, which significantly speeds up license fulfillment time. To order a license electronically, be sure to choose to order part number(s) that begin with "L." Email lynn@redlegg.com for any specific product information. | | |
|