Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Security
Appliance and PIX
Security Appliance
Families
Lesson 2
ASA 5550
ASA 5540
Price
ASA 5520
ASA 5510
ASA 5505
Gigabit Ethernet
PIX 525
Price
PIX 515E
PIX 506E
PIX 501
Gigabit Ethernet
Functionality
© 2007 Cisco Systems, Inc. All rights reserved. SNPA v5.0—2-4
Cisco ASA 5505 Adaptive Security
Appliance
Delivers small office, home office, and remote office security and VPN solutions
Provides up to 16,000 concurrent connections with Security Plus license
Provides up to 100-Mbps firewall throughput
Provides Interface support
– Built-in Layer 2 switch with eight Fast Ethernet ports
– Up to three VLANs
– One 802.1Q trunk port
– PoE on two ports
Supports failover
– Active/standby
– Stateless
Supports VPNs
– Site to site
– Remote access
– WebVPN
Speed
indicator
USB port
Status Flash
Power Active VPN
CompactFlash
Fixed interfaces
Security services
module
CompactFlash
*ASA 5510 Adaptive Security Appliance supports 10/100 Fast Ethernet ports.
Status Flash
Power Active VPN
Slot 1 Slot 0
Four Fiber
Gigabit Ethernet
ports
Link and
activity
Power Status
RJ-45 SFP
speed speed
LED LED
Status
LED SFP
RJ-45 Power ports
ports LED
© 2007 Cisco Systems, Inc. All rights reserved. SNPA v5.0—2-20
Cisco PIX 501 Security Appliance
10/100BASE-T Power
(RJ-45) connector
Power
LED
Act
Network
Act Act
LED LED Power
Link Switch
Link
LED LED
10BASE-T or USB
100BASE-T port
(RJ-45) 10BASE-T or
Console
100BASE-T port (RJ-45)
(RJ-45)
Act
Power Network
Expansion
Fixed
slots
interfaces
Expansion Slots
Single-port Four-port
PIX Firewall VAC PIX Firewall VAC+
Fast Ethernet Fast Ethernet-66
Single-port
card
Four-port
card
Power
Act
Expansion slots
Fixed interfaces
Power
Active
DB-15
failover Slots Slots
8 7 6 5 4 3 2 1 0
PIX Firewall
VAC+
DB-15
failover
UR: Allows installation and use of the maximum number of interfaces and
RAM supported by the platform.
Restricted: Limits the number of interfaces supported and the amount of
RAM available within the system (no contexts and no failover).
Active/standby failure: Places one security appliance in a failover mode
for use alongside a security appliance that has a UR license. Only one
unit can be actively processing user traffic; the other unit acts as a hot
standby.
Active/active failover: Places a security appliance that has a UR license
in a failover mode for use alongside another security appliance that has a
UR license or two UR licenses. Both units can actively process traffic
while serving as a backup for each other.
DES license
– Provides 56-bit DES
3DES/AES license
– Provides 168-bit 3DES
– Provides up to 256-bit AES
Default Upgrade
© 2007 Cisco Systems, Inc. All rights reserved. SNPA v5.0—2-50
PIX 515E, 525, and 535 Security
Appliances Licensing
License Physical
VLANs Contexts Memory Failover
Type Interfaces
PIX 515E Security Appliance
Restricted 3 10 N/A 64 No
UR 6 25 License up to five 128 Yes
PIX 525 Security Appliance
Restricted 6 25 N/A 128 No
UR 10 100 License up to 50 256 Yes
PIX 535 Security Appliance
Restricted 8 50 N/A 512 No
UR 14 150 License up to 50 1024 Yes
There are currently 10 Cisco ASA and PIX security appliance models.
– In the Cisco PIX 500 Series Security Appliance: PIX 501, 506E, 515E,
525, and 535 Security Appliances
– In the Cisco ASA 5500 Series Adaptive Security Appliance: ASA
5505, 5510, 5520, 5540, and 5550 Adaptive Security Appliances
You can extend the capabilities of your ASA 5505 or 5510 Adaptive
Security Appliances with the Security Plus license and feature licenses.
You can extend the capabilities of your ASA 5520, 5540, or 5550
Adaptive Security Appliances with feature licenses.
A Security Plus license extends the capabilities of multiple features.
A feature license extends the capabilities of a single feature.
Restricted, unrestricted, and failover licenses are available for PIX 515E,
525, and 535 Security Appliances.