Cisco Asa 5525 X
Cisco Asa 5525 X
Cisco Asa 5525 X
Midsize businesses protecting the Internet edge require the same level of protection as large enterprise networks.
You require enterprise-strength security, but purchasing a firewall that was built to handle the performance needs
and budget of a large enterprise would be unnecessary and a waste of company resources. You need a firewall
that provides the performance you need at a price you can afford, along with the visibility and control you need to
take advantage of new applications and devices without compromising security.
Like their enterprise counterparts, Cisco ASA 5500 and ASA 5500-X Series Next-Generation Firewalls for the
Internet edge protect critical assets through:
● Exceptional next-generation firewall services that provide the visibility and control your enterprise needs to
safely take advantage of new applications and devices1
● Application Visibility and Control (AVC) to control specific behaviors within allowed micro-applications
● Web Security Essentials (WSE) to restrict web and web application usage based on reputation of the site
● Broad and deep network security through an array of integrated cloud- and software-based next-generation
firewall services backed by Cisco Security Intelligence Operations (SIO)
● Highly effective intrusion prevention system (IPS) with Cisco Global Correlation
● High-performance VPN and always-on remote access
● The ability to enable additional security services quickly and easily in response to changing needs
1
Please contact your sales representative for availability.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 16
Cisco ASA 5525-X, 5545-X, and 5555-X
The Cisco ASA 5525-X, 5545-X, and 5555-X are next-generation firewalls that combine the most widely deployed
stateful inspection firewall in the industry with a comprehensive suite of next-generation network security services -
for comprehensive security without compromise. They help meet evolving security needs by delivering multiple
next-generation security services, multigigabit performance, flexible interface options, and redundant power
supplies, all in a compact 1-RU form factor. These firewalls optionally provide broad and deep network security
services through an array of integrated cloud- and software-based security services, including Application Visibility
and Control (AVC), Web Security Essentials (WSE), Cisco Cloud Web Security (CWS), and the only context-aware
IPS - with no need for additional hardware modules.
The ASA 5525-X, 5545-X, and 5555-X Next-Generation Firewalls are part of the ASA 5500-X Series, which is built
on the same proven security platform as the rest of the ASA family of firewalls and delivers superior performance
for exceptional operational efficiency. These models are designed to meet evolving security needs by providing,
among other things, innovative next-generation firewall services that make it possible to take advantage of new
applications and devices without compromising security. Unlike other next-generation firewalls, the Cisco ASA
5500-X Series keeps pace with rapidly evolving needs by offering end-to-end network intelligence gained from
combining the visibility from local traffic with in-depth global network intelligence through:
Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers, remote
sites, and business partners. Up to 5000 Cisco AnyConnect and/or clientless VPN peers can be supported. VPN
capacity and resiliency can be increased by taking advantage of integrated VPN clustering and load-balancing
capabilities. The Cisco ASA 5520, 5540, and 5550 support up to 10 firewalls in a cluster, offering a maximum of
50,000 AnyConnect and/or clientless VPN peers or 50,000 IPsec VPN peers per cluster. For business continuity
and event planning, the Cisco ASA 5520, 5540, and 5550 can also benefit from Cisco VPN Flex licenses, which
enable administrators to react to or plan for short-term “bursts” of concurrent Premium VPN remote-access users
for up to two months.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 16
The advanced application-layer security and content security defenses provided by these firewalls can be extended
by deploying the high-performance intrusion prevention and worm mitigation capabilities of the Advanced
Inspection and Prevention Security Services Module (AIP SSM) or the comprehensive malware protection of the
Content Security and Control Security Services Module (CSC SSM). Using these optional security context
capabilities, businesses can deploy up to 100 virtual firewalls within a physical appliance to enable
compartmentalized control of security policies on a departmental level. This virtualization strengthens security and
reduces overall management and support costs while consolidating multiple security devices into a single
appliance.
Table 1 compares the features and capacities of the Cisco ASA 5500 and ASA 5500-X Series Next-Generation
Firewalls for the Internet Edge.
Table 1. Cisco ASA 5500 and ASA 5500-X Series Next-Generation Firewalls for the Internet Edge
Feature Cisco ASA 5520 Cisco ASA Cisco ASA 5540 Cisco ASA Cisco ASA 5550 Cisco ASA
5525-X 5545-X 5555-X
Stateful Up to 450 Mbps 2 Gbps Up to 650 Mbps 3 Gbps Up to 1.2 Gbps 4 Gbps
Inspection
Throughput
(Maximum2)
Stateful - 1 Gbps - 1.5 Gbps - 2 Gbps
Inspection
Throughput
(Multiprotocol3)
IPS Throughput4 ● Up to 225 ● 600 Mbps ● Up to 500 ● 900 Mbps ● Not available ● 1.3 Gbps
Mbps with AIP- Mbps with AIP- (extra (extra
SSM-10 SSM-20 hardware not hardware not
● Up to 375 ● Up to 650 required) required)
Mbps with AIP- Mbps with AIP-
SSM-20 SSM-40
● Up to 450
Mbps with AIP-
SSM-40
3DES/AES VPN Up to 225 Mbps 300 Mbps Up to 325 Mbps 400 Mbps Up to 425 Mbps 700 Mbps
Throughput6
Users/Nodes Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
Cisco Cloud Web For detailed sizing guidance see the CWS Connector Sizing for ASA 5500 and ASA 5500-X
Security Users
IPsec VPN Peers 750 750 5000 2500 5000 5000
Premium 2/750 2/750 2/2500 2/2500 2/5000 2/5000
AnyConnect VPN
Peers
Concurrent 280,000 500,000 400,000 750,000 650,000 1,000,000
Connections
2
Maximum throughput measured with UDP traffic under ideal conditions.
3
Multiprotocol: Traffic profile consisting primarily of TCP-based protocols/applications, such as HTTP, SMTP, FTP, IMAPv4,
BitTorrent, and DNS.
4
Firewall traffic that does not go through the IPS service can have higher throughput.
5
Throughput was measured using ASA CX Software Release 9.1.1 with multiprotocol traffic profile with both AVC and WSE.
Traffic logging was enabled as well.
6
VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should
be taken into consideration as part of your capacity planning.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 16
Feature Cisco ASA 5520 Cisco ASA Cisco ASA 5540 Cisco ASA Cisco ASA 5550 Cisco ASA
5525-X 5545-X 5555-X
New 12,000 20,000 25,000 30,000 33,000 50,000
Connections/
Second
Virtual Interfaces 150 200 200 300 400 500
(VLANs)
Security 2/20 2/20 2/50 2/50 2/50 2/100
Contexts
(Included/
Maximum)7
High Availability Active/Active and Active/Active and Active/Active and Active/Active and Active/Active and Active/Active and
Active/Standby Active/Standby Active/Standby Active/Standby Active/Standby Active/Standby
Expansion Slot 1 SSM 1 interface card 1 SSM 1 interface card 0 1 interface card
Number of User- 1 0 1 - 1 0
Accessible Flash
Slots
USB 2.0 Ports 2 2 2 2 2 22
Integrated I/O 4 GE + 1 Fast 8 GE copper 4 GE + 1 Fast 8 GE copper 8 GE + 1 Fast 8 GE copper
Ethernet Ethernet Ethernet
Expansion I/O 4 GE copper or 6 GE copper or 4 GE copper or 6 GE copper or None 6 GE copper or
4 GE SFP 6 GE SFP 4 GE SFP 6 GE SFP 6 GE SFP
Dedicated None Yes (1 GE) None Yes (1 GE) None Yes (1 GE)
Management Port
Serial Ports 2 RJ-45, console 1 RJ-45 2 RJ-45, console 1 RJ-45 2 RJ-45, console 1 RJ-45
and auxiliary and auxiliary and auxiliary
Solid State Drive - 1 slot - 2 slots, RAID 1 - 2 slots, RAID 1
120 GB MLC SED 120 GB MLC SED 120 GB MLC SED
Memory 2 GB 8 GB 2 GB 12 GB 4 GB 16 GB
Minimum System 256 MB 8 GB 256 MB 8 GB 256 MB 8 GB
Flash
Operating
Temperature 32 to 104ºF 23 to 104°F 32 to 104ºF 23 to 104°F 32 to 104ºF 23 to 104°F
(0 to 40ºC) (-5 to 40°C) (0 to 40ºC) (-5 to 40°C) (0 to 40ºC) (-5 to 40°C)
Relative Humidity 5 to 95 percent 90 percent 5 to 95 percent 90 percent 5 to 95 percent 90 percent
noncondensing noncondensing noncondensing
Altitude Designed and Designed and Designed and Designed and Designed and Designed and
tested for 0 to tested for 0 to tested for 0 to tested for 0 to tested for 0 to tested for 0 to
9840 ft (3000m); 10,000 ft (3050m) 9840 ft (3000m); 10,000 ft (3050m) 9840 ft (3000m); 10,000 ft (3050m)
agency approved agency approved agency approved
for 2000m for 2000m for 2000m
Shock 1.14 m/sec (45 50G, 2 m/sec 1.14 m/sec (45 50G, 2 m/sec 1.14 m/sec (45 50G, 2 m/sec
in./sec) 1/2 sine in./sec) 1/2 sine in./sec) 1/2 sine
input input input
Vibration 0.41 Grms2 (3 to 0.41 Grms (3 to 0.41 Grms2 (3 to 0.41 Grms (3 to 0.41 Grms2 (3 to 0.41 Grms (3 to
500 Hz) random 500Hz) random 500 Hz) random 500Hz) random 500 Hz) random 500Hz) random
input input input input input input
Acoustic Noise 60 dBa max 64.2 dBa max 60 dBa max 67.9 dBa max 60 dBa max 67.9 dBa max
7
Separately licensed feature; includes two SSL licenses with base system.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 16
Feature Cisco ASA 5520 Cisco ASA Cisco ASA 5540 Cisco ASA Cisco ASA 5550 Cisco ASA
5525-X 5545-X 5555-X
Nonoperating
Temperature -13 to 158ºF -13 to 158°F -13 to 158ºF -13 to 158°F -13 to 158ºF -13 to 158°F
(-25 to 70ºC) (-25 to 70°C) (-25 to 70ºC) (-25 to 70°C) (-25 to 70ºC) (-25 to 70°C)
Relative Humidity 5 to 95 percent 10 to 90 percent 5 to 95 percent 10 to 90 percent 5 to 95 percent 10 to 90 percent
noncondensing noncondensing noncondensing
Altitude 0 to 15,000 ft Designed and 0 to 15,000 ft Designed and 0 to 15,000 ft Designed and
(4570m) tested for 0 to (4570m) tested for 0 to (4570m) tested for 0 to
15,000 ft (4572m) 15,000 ft (4572m) 15,000 ft (4572m)
Shock 30G 70G, 4.22 m/sec 30G 70G,4.22 m/sec 30G 70G, 4.22 m/sec
Vibration 0.41 Grms2 (3 to 1.12 Grms (3 to 0.41 Grms2 (3 to 1.12 Grms (3 to 0.41 Grms2 (3 to 1.12 Grms (3 to
500 Hz) random 500Hz) random 500 Hz) random 500Hz) random 500 Hz) random 500Hz) random
input input input input input input
Power
AC Normal Line 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC
Voltage
AC Current 3A 4.85A 3A 5A, 100 to 120V 3A 5A, 100 to 120V
2.5A, 200 to 240V 2.5A, 200 to 240V
AC Frequency 47/63 Hz, single- 50/60 Hz 47/63 Hz, single- 50/60 Hz 47/63 Hz, single- 50/60 Hz
phase phase phase
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 16
Feature Cisco ASA 5520 Cisco ASA Cisco ASA 5540 Cisco ASA Cisco ASA 5550 Cisco ASA
5525-X 5545-X 5555-X
Regulatory and Standards Compliance
Safety UL 60950, CSA IEC 60950-1: UL 60950, CSA IEC 60950-1: UL 60950, CSA IEC 60950-1:
C22.2 No. 60950, 2005, 2nd Edition C22.2 No. 60950, 2005, 2nd Edition C22.2 No. 60950, 2005, 2nd Edition
EN 60950 IEC EN 60950- EN 60950 IEC EN 60950- EN 60950 IEC EN 60950-
60950, 1:2006+A11: 2009 60950, 1:2006+A11: 2009 60950, 1:2006+A11: 2009
AS/NZS60950 UL 60950-1:2007, AS/NZS60950 UL 60950-1:2007, AS/NZS60950 UL 60950-1:2007,
2nd Edition; 2nd Edition; 2nd Edition;
CSA C22.2 No. CSA C22.2 No. CSA C22.2 No.
60950-1-07, 2nd 60950-1-07, 2nd 60950-1-07, 2nd
Edition Edition Edition
Electromagnetic CE marking, FCC CE: EN55022 CE marking, FCC CE: EN55022 CE marking, FCC CE: EN55022
Compatibility Part 15 Class A, 2006+A1: 2007 Part 15 Class A, 2006+A1: 2007 Part 15 Class A, 2006+A1: 2007
(EMC) AS/NZS CISPR22 Class A; EN55024 AS/NZS CISPR22 Class A; EN55024 AS/NZS CISPR22 Class A; EN55024
Class A, VCCI 1998+A1:2001+A2 Class A, VCCI 1998+A1:2001+A2 Class A, VCCI 1998+A1:2001+A2
Class A, EN55022 :2003; EN61000-3- Class A, EN55022 :2003; EN61000-3- Class A, EN55022 :2003; EN61000-3-
Class A, CISPR22 2 2009;EN61000- Class A, CISPR22 2 2009;EN61000- Class A, CISPR22 2 2009;EN61000-
Class A, 3-3 2008; Class A, 3-3 2008; Class A, 3-3 2008;
EN61000-3-2, FCC:CFR 47, Part EN61000-3-2, FCC:CFR 47, Part EN61000-3-2, FCC:CFR 47, Part
EN61000-3-3 15 Subpart B EN61000-3-3 15 Subpart B EN61000-3-3 15 Subpart B
Class A Class A Class A
2010,ANSI C63.4 2010,ANSI C63.4 2010,ANSI C63.4
2009; 2009; 2009;
ICES-003 ISSUE 4 ICES-003 ISSUE 4 ICES-003 ISSUE 4
FEBRUARY.2004; FEBRUARY.2004; FEBRUARY.2004;
VCCI:V-3/2011.04; VCCI:V-3/2011.04; VCCI:V-3/2011.04;
C-TICK:AS/NZS C-TICK:AS/NZS C-TICK:AS/NZS
CISPR 22,2009 CISPR 22,2009 CISPR 22,2009
KC:KN22 & KN24 KC:KN22 & KN24 KC:KN22 & KN24
Industry Common Criteria In process FIPS 140-2 Level In process FIPS 140-2 Level In process
Certifications EAL4 US DoD 2 2
Application-Level In process: In process:
Firewall for Common Criteria Common Criteria
Medium- EAL4+ US DoD EAL4+ US DoD
Robustness Application-Level Application-Level
Environments, Firewall for Firewall for
Common Criteria Medium- Medium-
EAL2 for IPS on Robustness Robustness
AIP SSM-10 and - Environments, and Environments, and
20, FIPS 140-2 Common Criteria Common Criteria
Level 2, and NEBS EAL4 for EAL4 for
Level 3 IPsec/SSL VPN IPsec/SSL VPN
In process:
Common Criteria
EAL4+ US DoD
Application-Level
Firewall for
Medium-
Robustness
Environments, and
Common Criteria
EAL4 for
IPsec/SSL VPN
Cisco ASA 5500 Series Security Services Processors, Modules, and Cards
The Cisco ASA 5500 Series brings a new level of integrated security performance to networks with its highly
effective IPS services and multiprocessor hardware architecture. This architecture allows businesses to adapt and
extend the high-performance security services profile of the Cisco ASA 5500 Series. Customers can add additional
high-performance services using security services modules with dedicated security co-processors, and can
custom-tailor flow-specific policies using a highly flexible policy framework. This adaptable architecture enables
businesses to deploy new security services when and where they are needed, such as adding the broad range of
intrusion prevention and advanced antiworm services delivered by the IPS modules via the AIP SSM and AIP SSC,
or the comprehensive malware protection and content security services enabled by the CSC SSM. Further, the
Cisco ASA 5500 Series architecture allows Cisco to introduce new services to address new threats, giving
businesses outstanding investment protection.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 16
The Cisco ASA 5500 Series AIP SSM and AIP SSC are inline, network-based solutions that accurately identify,
classify, and stop malicious traffic before it affects business continuity for IPv4, IPv6, and hybrid IPv6 and IPv4
networks. They combine inline prevention services with innovative technologies, resulting in total confidence in the
provided protection of the deployed IPS solution, without the fear of legitimate traffic being dropped. The AIP SSM
and AIP SSC also offer comprehensive network protection through their unique ability to collaborate with other
network security resources, providing a proactive approach to protecting the network.
Accurate inline prevention technologies provide unparalleled confidence to take preventive action on a broader
range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent,
automated, contextual analysis of data and help ensure that businesses are getting the most out of their intrusion
prevention solutions. Furthermore, the IPS SSP, AIP SSM, and AIP SSC use multivector threat identification to
protect the network from policy violations, vulnerability exploitations, and anomalous activity through detailed
inspection of traffic in Layers 2 through 7.
Table 2 details the AIP SSM models that are available, and their respective performance and physical
characteristics.
Feature Cisco ASA 5500 Series Cisco ASA 5500 Series Cisco ASA 5500 Series
AIP-SSM-10 AIP-SSM-20 AIP-SSM-40
Concurrent Threat ● 225 Mbps with Cisco ASA 5520 ● 375 Mbps with Cisco ASA 5520 ● 450 Mbps with Cisco ASA 5520
Mitigation Throughput ● 500 Mbps with Cisco ASA 5540 ● 650 Mbps with Cisco ASA 5540
(Firewall + IPS Services)
Technical Specifications
Memory 1 GB 2 GB 4 GB
Flash 256 MB 256 MB 2 GB
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 16
Cisco ASA 5500 Series Content Security and Control Module
The Cisco ASA 5500 Series CSC SSM delivers industry-leading threat protection and content control at the
Internet edge, providing comprehensive antivirus, antispyware, file blocking, antispam, antiphishing, URL blocking
and filtering, and content filtering services in an easy-to-manage solution. The CSC SSM bolsters the Cisco ASA
5500 Series’ strong security capabilities, providing customers with additional protection of and control over the
content of their business communications. The module provides additional flexibility and choice over the
functioning and deployment of Cisco ASA 5500 Series firewalls. Licensing options enable organizations to
customize the features and capabilities to each group’s needs, with features that include advanced content
services and increased user capacity. The CSC SSM ships with a default feature set that provides antivirus,
antispyware, and file blocking services.
A Plus license is available for each CSC SSM at an additional charge, delivering capabilities such as antispam,
antiphishing, URL blocking and filtering, and content control services. Businesses can extend the user capacity of
the CSC SSM by purchasing and installing additional user licenses. A detailed listing of these options is shown in
Table 3 and in the CSC SSM data sheet.
Feature Cisco ASA 5500 Series CSC-SSM-10 Cisco ASA 5500 Series CSC-SSM-20
Optional Feature Upgrades Plus license: Adds antispam, antiphishing, URL blocking and filtering, and content control
Technical Specifications
Memory 1 GB 2 GB
System Flash 256 MB 256 MB
Environmental Operating Ranges
Operating
Temperature 32 to 104ºF (0 to 40ºC)
Relative Humidity 10 to 90 percent, noncondensing
Nonoperating
Temperature -13 to 158ºF (-25 to 70ºC)
Power Consumption 90W maximum
Physical Specifications
Dimensions (H x W x D) 1.70 x 6.80 x 12.25 in. (4.32 x 17.27 x 31.12 cm)
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 16
Feature Cisco ASA 5500 Series CSC-SSM-10 Cisco ASA 5500 Series CSC-SSM-20
Regulatory and Standards Compliance
Safety UL 60950, CSA C22.2 No. 60950, EN 60950 IEC 60950, AS/NZS60950
Electromagnetic CE marking, FCC Part 15 Class A, AS/NZS CISPR22 Class A, VCCI Class A, EN55022 Class A, CISPR22
Compatibility (EMC) Class A, EN61000-3-2, EN61000-3-3
Table 4. Characteristics of Cisco ASA 5500 Series 4-Port Gigabit Ethernet SSMs
Technical Specifications
Integrated LAN Ports Four 10/100/1000BASE-T
Integrated SFP Ports Four (Gigabit Ethernet Optical SFP 1000BASE-SX or LX/LH transceiver supported)
Environmental Operating Ranges
Operating
Temperature 32 to 104ºF (0 to 40ºC)
Relative Humidity 5 to 95 percent noncondensing
Nonoperating
Temperature -13 to 158ºF (-25 to 70ºC)
Power Consumption 25W maximum
Physical Specifications
Dimensions (H x W x D) 1.70 x 6.80 x 12.25 in. (4.32 x 17.27 x 31.12 cm)
Electromagnetic CE marking, FCC Part 15 Class A, AS/NZS CISPR22 Class A, VCCI Class A, EN55022 Class A, CISPR22
Compatibility (EMC) Class A, EN61000-3-2, EN61000-3-3
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 16
Cisco ASA 5500-X Series 6-Port Gigabit Ethernet Interface Cards
Cisco ASA 5500-X Series 6-port Gigabit Ethernet Interface Cards extend the I/O profile of the ASA 5525-X through
ASA 5555-X by providing additional GE ports. The cards provide the following benefits:
Table 5. Characteristics of Cisco ASA 5500-X Series 6-Port Gigabit Ethernet Interface Cards
Feature Cisco ASA 5500-X Series 6-Port 10/100/1000 Cisco ASA 5500-X Series 6-Port GE SFP SX, LH, LX
Technical Specifications
Integrated Ports Six 10/100/1000BASE-T Six (Gigabit Ethernet Optical SFP 1000BASE-SX or LX/LH
transceiver supported)
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 16
Ordering Information
To place an order, visit the Cisco Ordering Home Page. Table 6 provides ordering information for the Cisco ASA
5500 Series and ASA 5500-X Series Next-Generation Firewalls.
Cisco ASA 5520 Firewall Edition; includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 750 IPsec ASA5520-BUN-K9
VPN peers, 2 Premium VPN peers, Active/Active and Active/Standby high availability, 3DES/AES license
Cisco ASA 5520 Firewall Edition; includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 750 IPsec ASA5520-K8
VPN peers, 2 Premium VPN peers, Active/Active and Active/Standby high availability, DES license
Cisco ASA 5540 Firewall Edition; includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 5000 IPsec ASA5540-BUN-K9
VPN peers, 2 Premium VPN peers, 3DES/AES license
Cisco ASA 5540 Firewall Edition; includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 5000 IPsec ASA5540-K8
VPN peers, 2 Premium VPN peers, DES license
Cisco ASA 5550 Firewall Edition; includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 4 Gigabit ASA5550-BUN-K9
SFP interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license
Cisco ASA 5550 Firewall Edition; includes 8 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 4 Gigabit ASA5550-K8
SFP interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license
Cisco ASA 5525-X Firewall Edition; includes firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, ASA5525-K7
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, no payload encryption
Cisco ASA 5525-X Firewall Edition; includes firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, ASA5525-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5525-X Firewall Edition; includes firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, ASA5525-DC-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 DC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5525-X Firewall Edition; includes firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, ASA5525-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5525-X Firewall Edition; includes firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, ASA5525-CU-K9
14 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5545-X Firewall Edition; includes firewall services, 2500 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K7
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, no payload encryption
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 16
Product Name Part Number
Cisco ASA 5545-X Firewall Edition; includes firewall services, 2500 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5545-X Firewall Edition; includes firewall services, 2500 IPsec VPN peers, 2 SSL VPN peers, ASA5545-DC-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 DC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5545-X Firewall Edition; includes firewall services, 2500 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5545-X Firewall Edition; includes firewall services, 2500 IPsec VPN peers, 2 SSL VPN peers, ASA5545-CU-2AC-K9
14 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1+1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5555-X Firewall Edition; includes firewall services, 5000 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K7
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, no payload encryption
Cisco ASA 5555-X Firewall Edition; includes firewall services, 5000 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5555-X Firewall Edition; includes firewall services, 5000 IPsec VPN peers, 2 SSL VPN peers, ASA5555-DC-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 DC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5555-X Firewall Edition; includes firewall services, 5000 IPsec VPN peers, 2 SSL VPN peers, ASA5545-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5555-X Firewall Edition; includes firewall services, 5000 IPsec VPN peers, 2 SSL VPN peers, ASA5555-CU-2AC-K9
14 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1+1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5500 Series IPS Edition Bundles
Cisco ASA 5520 IPS Edition; includes AIP-SSM-10, firewall services, 750 IPsec VPN peers, 2 Premium VPN ASA5520-AIP10-K9
peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5520 IPS Edition; includes AIP-SSM-20, firewall services, 750 IPsec VPN peers, 2 Premium VPN ASA5520-AIP20-K9
peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5520 IPS Edition; includes AIP-SSM-40, firewall services, 750 IPsec VPN peers, 2 Premium VPN ASA5520-AIP40-K9
peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5540 IPS Edition; includes AIP-SSM-20, firewall services, 5000 IPsec VPN peers, 2 Premium VPN ASA5540-AIP20-K9
peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5540 IPS Edition; includes AIP-SSM-40, firewall services, 5000 IPsec VPN peers, 2 Premium VPN ASA5540-AIP40-K9
peers, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5525-X IPS Edition; includes IPS service, 750 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5525-IPS-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet Management, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5525-X IPS Edition; includes IPS service, 750 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5525-IPS-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5545-X IPS Edition; includes IPS service, 2500 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5545-IPS-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5545-X IPS Edition; includes IPS service, 2500 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5545-IPS-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
Cisco ASA 5555-X IPS Edition; includes IPS service, 5000 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5555-IPS-K8
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, DES license
Cisco ASA 5555-X IPS Edition; includes IPS service, 5000 IPsec VPN peers, 2 SSL VPN peers, firewall services, ASA5555-IPS-K9
8 copper Gigabit Ethernet data ports, 1 copper Gigabit Ethernet management port, 1 AC power supply,
Active/Active High Availability, 2 security contexts, 3DES/AES license
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 16
Product Name Part Number
Cisco ASA 5500 Series Content Security Edition Bundles
Cisco ASA 5520 Content Security Edition; includes CSC-SSM-10, 50-user antivirus/antispyware with 1-year ASA5520-CSC10-K9
subscription, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces,
1 Fast Ethernet interface
Cisco ASA 5520 Content Security Edition; includes CSC-SSM-20, 500-user antivirus/antispyware with 1-year ASA5520-CSC20-K9
subscription, firewall services, 750 IPsec VPN peers, 2 Premium VPN peers, 4 Gigabit Ethernet interfaces,
1 Fast Ethernet interface
Cisco ASA 5500 Series SSL/IPsec VPN Edition Bundles
Cisco ASA 5520 SSL/IPsec VPN Edition; includes 750 IPsec VPN peers, 500 Premium VPN peers, firewall ASA5520-SSL500-K9
services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5540 SSL/IPsec VPN Edition; includes 5000 IPsec VPN peers, 1000 Premium VPN peers, firewall ASA5540-SSL1000-K9
services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5540 SSL/IPsec VPN Edition; includes 5000 IPsec VPN peers, 2500 Premium VPN peers, firewall ASA5540-SSL2500-K9
services, 4 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5550 SSL/IPsec VPN Edition; includes 5000 IPsec VPN peers, 2500 Premium VPN peers, firewall ASA5550-SSL2500-K9
services, 8 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA 5550 SSL/IPsec VPN Edition; includes 5000 IPsec VPN peers, 5000 Premium VPN peers, firewall ASA5550-SSL5000-K9
services, 8 Gigabit Ethernet interfaces, 1 Fast Ethernet interface
Cisco ASA Advanced Inspection and Prevention Security Services Module 20 (AIP-SSM-20) ASA-SSM-AIP-20-K9=
Cisco ASA Advanced Inspection and Prevention Security Services Module 40 (AIP-SSM-40) ASA-SSM-AIP-40-K9=
Cisco ASA Content Security and Control Security Services Module 10 (CSC-SSM-10) with 50-user ASA-SSM-CSC-10-K9=
antivirus/antispyware, 1-year subscription
Cisco ASA Content Security and Control Security Services Module 20 (CSC-SSM-20) with 500-user ASA-SSM-CSC-20-K9=
antivirus/antispyware, 1-year subscription
Cisco ASA Interface Card with 6 copper Gigabit Ethernet data ports for ASA 5525-X ASA-IC-6GE-CU-B
Cisco ASA Interface Card with 6 copper Gigabit Ethernet data ports for ASA 5545-X and ASA 5555-X ASA-IC-6GE-CU-C
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5512-X and ASA 5515-X ASA-IC-6GE-SFP-A
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5525-X ASA-IC-6GE-SFP-B
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5545-X and ASA 5555-X ASA-IC-6GE-SFP-C
Cisco ASA Interface Card with 6 copper Gigabit Ethernet data ports for ASA 5512-X and ASA 5515-X (spare) ASA-IC-6GE-CU-A=
Cisco ASA Interface Card with 6 copper Gigabit Ethernet data ports for ASA 5525-X (spare) ASA-IC-6GE-CU-B=
Cisco ASA Interface Card with 6 copper Gigabit Ethernet data ports for ASA 5545-X and ASA 5555-X (spare) ASA-IC-6GE-CU-C=
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5512-X and ASA 5515-X ASA-IC-6GE-SFP-A=
(spare)
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5525-X (spare) ASA-IC-6GE-SFP-B=
Cisco ASA Interface Card with 6 SFP Gigabit Ethernet data ports (SX, LH, LX) for ASA 5545-X and ASA 5555-X ASA-IC-6GE-SFP-C=
(spare)
Cisco ASA 5500 Series Software
Cisco ASA Software one-time upgrade for nonsupport customers ASA-SW-UPGRADE=
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 13 of 16
Product Name Part Number
ASA 5555-X CX Application Visibility and Control; 1-year (eDelivery Spare) L-ASA5555-AP1Y=
ASA 5555-X CX Application Visibility and Control; 3-year ASA5545-AP3Y
ASA 5555-X CX Application Visibility and Control; 3-year (eDelivery Spare) L-ASA5555-AP5Y=
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 14 of 16
Product Name Part Number
Application Visibility and Control and Web Security Essentials Bundle (AVC + WSE) Software Subscriptions
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion) ASA5525-AW1Y-PR
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion eDelivery L-ASA5512-AW1Y-PR=
Spare)
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion) ASA5525-AW3Y-PR
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion eDelivery L-ASA5525-AW3Y-PR =
Spare)
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 5-year ASA5525-AW5Y
ASA 5525-X CX Application Visibility and Control and Web Security Essentials; 5-year (eDelivery Spare) L-ASA5525-AW5Y=
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion) ASA5545-AW1Y-PR
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion eDelivery L-ASA5545-AW1Y-PR =
Spare)
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion) ASA5545-AW3Y-PR
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion eDelivery L-ASA5545-AW3Y-PR =
Spare)
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 5-year ASA5545-AW5Y
ASA 5545-X CX Application Visibility and Control and Web Security Essentials; 5-year (eDelivery Spare) L-ASA5545-AW5Y=
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion) ASA5555-AW1Y-PR
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 1-year (Promotion eDelivery L-ASA5555-AW1Y-PR=
Spare)
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion) ASA5555-AW3Y-PR
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 3-year (Promotion eDelivery L-ASA5555-AW3Y-PR=
Spare)
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 5-year ASA5555-AW5Y
ASA 5555-X CX Application Visibility and Control and Web Security Essentials; 5-year (eDelivery Spare) L-ASA5555-AW5Y=
Cisco ASA 5500 Series Accessories
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 15 of 16
Service and Support
Cisco services help you protect your network investment, optimize network operations, and prepare your network
for new applications to extend network intelligence and the power of your business.
Included in the “Operate” phase of the service lifecycle are Cisco Security IntelliShield Alert Manager Service,
Cisco SMARTnet® Service, Cisco Service Provider Base, and Cisco Services for IPS. These services are suitable
for enterprise, commercial, and service provider customers.
Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability
alert service that allows organizations to easily access timely, accurate, and credible information about potential
vulnerabilities in their environment.
Cisco Services for IPS supports modules, platforms, and bundles of platforms and modules that feature IPS
capabilities. Cisco SMARTnet and Service Provider Base support other products in this family.
Cisco Capital
● Cisco ASA 5500 and ASA 5500-X Series Next-Generation Firewalls: http://www.cisco.com/go/asa
● Cisco Adaptive Security Device Manager: http://www.cisco.com/go/asdm
● Cisco Security Services: http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html
● Cisco ASA 5500 Series and ASA 5500-X Series Licensing Information:
http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 16 of 16