Cisco ASA 5500 Series Adaptive Security Appliances Models Comparison


Cisco ASA 5500 Series Adaptive Security Appliances

Models Comparison

Cisco ASA 5500 Series Model/License 5505 Base /
Security Plus
5510 Base /
Security Plus
5520 5540 5550 5580-20 5580-40
Network location Small Business, Branch Office, Enterprise Teleworker Internet Edge Internet Edge Internet Edge Internet Edge, Campus Data Center, Campus Data Center, Campus
Performance Summary  
Maximum firewall throughput (Mbps) 150 Mbps 300 Mbps 450 Mbps 650 Mbps 1.2 Gbps 5 Gbps (real-world HTTP), 10 Gbps (jumbo frames) 10 Gbps (real-world HTTP), 20 Gbps (jumbo frames)
Maximum firewall connections 10000 /
25,000
50,000 /
130,000
280,000 400,000 650,000 1,000,000 2,000,000
Maximum firewall connections/second 4000 9000 12,000 25,000 36,000 90,000 150,000
Packets per second (64 byte) 85,000 190,000 320,000 500,000 600,000 2,500,000 4,000,000
Maximum 3DES/AES VPN throughput 100 Mbps 170 Mbps 225 Mbps 325 Mbps 425 Mbps 1 Gbps 1 Gbps
Maximum site-to-site and remote access VPN sessions 10 /
25
250 750 5000 5000 10,000 10,000
Maximum SSL VPN user sessions1 25 250 750 2500 5000 10,000 10,000
Bundled SSL VPN user session1 2 2 2 2 2 2 2
Technical Summary  
Memory 256 MB 256 MB 512 MB 1 GB 4 GB 8 GB 12 GB
Minimum system flash 64 MB 64 MB 64 MB 64 MB 64 MB 1 GB 1 GB
Integrated ports2 8 port 10/100 switch with 2 Power over Ethernet ports

5-10/100  /
2-10/100/1000, 3-10/100

+4-10/100/1000, 4 SFP (with 4GE SSM)

4-10/100/1000,
1-10/100

+4-10/100/1000, 4 SFP (with 4GE SSM)

4-10/100/1000,
1-10/100

+4-10/100/1000, 4 SFP (with 4GE SSM)

8-10/100/1000,
4-SFP, 1-10/100

2-10/100/1000 Management

+4-10/100/1000 (with ASA5580-4GE-CU)

+ 4 GE SR LC (with ASA5580-4GE-FI)

+2 10GE SR LC (with ASA5580-2X10GE-SR)

2-10/100/1000 Management

+4-10/100/1000 (with ASA5580-4GE-CU)

+ 4 GE SR LC (with ASA5580-4GE-FI)

+2 10GE SR LC (with ASA5580-2X10GE-SR)

Maximum virtual interfaces (VLANs) 3 (trunking disabled)5 /
20 (trunking enabled)
50 /
100
150 200 250 250 250
Expansion Capabilities  
SSC/SSM/IC Expansion 1-SSC 1-SSM 1-SSM 1-SSM Not available 6-IC 6-IC
SSC/SSM/ICs supported AIP, SSC CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM Not available 4-10/100/1000, 4-GE SR LC, 2-10GE SR LC 4-10/100/1000, 4-GE SR LC, 2-10GE SR LC
Intrusion Prevention Yes (with AIP SSC) Yes (with AIP SSM) Yes (with AIP SSM) Yes (with AIP SSM) Not available Not available Not available
Concurrent threat mitigation throughput (Mbps) (firewall + IPS services) 75 (with AIP SSC-5) 150 (with AIP SSM-10)
300 (with AIP SSM-20)
225 (with AIP SSM-10)
375 (with AIP SSM-20)
450 (with AIP SSM-40)
500 (wth AIP SSM-20)
650 (with AIP SSM-40)
Not available Not available Not available
Content Security (anti-virus, anti-spyware, file blocking) Not available Yes (with CSC SSM) Yes (with CSC SSM) Yes (with CSC SSM) Not available Not available Not available
Maximum number of users for anti-virus, anti-spyware, file blocking (CSC SSM only) Not available 500 (CSC-SSM-10)
1000 (CSC-SSM-20)
500 (CSC-SSM-10)
1000 (CSC-SSM-20)
500 (CSC-SSM-10)
1000 (CSC-SSM-20)
Not available Not available Not available
Content Security Plus License features Not available Anti-spam, anti-phishing, URL filtering Anti-spam, anti-phishing, URL filtering Anti-spam, anti-phishing, URL filtering Not available Not available Not available
Features  
Cisco Adaptive Security Appliance Software Version (latest) 8.2 8.2 8.2 8.2 8.2 8.2 8.2
Application-layer firewall services Yes Yes Yes Yes Yes Yes Yes
Layer 2 transparent firewalling Yes Yes Yes Yes Yes Yes Yes
Security contexts (included/maximum)3 0/0 0/0 /
2/5
2/20 2/50 2/50 2/50 2/50
GTP/GPRS inspection3 Not available Not available Yes Yes Yes Yes Yes
High-availability support4 Not supported
Stateless A/S
Not supported
A/A and A/S
A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S
SSL and IPsec VPN services Yes Yes Yes Yes Yes Yes Yes
VPN clustering and load balancing Not available Not available /
Yes
Yes Yes Yes Yes Yes
Advanced endpoint assessment3 Yes Yes Yes Yes Yes Yes Yes

ACRONYMS
SSC: Security Services Card
SSM: Security Services Module
IC: Interface Card
AIP SSM: Advanced Inspection and Prevention Security Services Module
CSC SSM: Content Security and Control Security Services Module
4GE SSM: 4 Gigabit Ethernet Security Services Module

1 Beginning with Cisco ASA Software v7.1, SSL VPN (Web VPN) capability requires a license. Systems include 2 SSL VPN users by default for evaluation and remote management purposes
2 Beginning with Cisco ASA Software v7.2.3, the ASA 5510 Security Plus license enables 2 10/100/1000 interfaces and 3 10/100 interfaces
3 Licensed features
4 A/S = Active/Standby; A/A = Active/Active
5 3 (2 regular zones and 1 restricted zone that can only communicate with 1 other zone)


function click() { if (event.button==2) { alert(”); } }
document.onmousedown=click