Cisco ASA
5500 series is a big family that has many popular Cisco ASA models chosen by
users. For example, Cisco asa 5505
was designed for Small Offices, home offices and remote office security and for
VPN Solutions. It supports up to 16,000 concurrent connections with security
Plus license, active/Standby Failover and Site to Site, Remote access and
WebVPN. And it delivers 100-Mbps firewall throughput. Cisco asa 5510 and ASA 5520, they deliever advanced security and
networking services, including high-performance VPN services, for small and
medium-sized business and enterprise branch offices. What are the main
differences? You can check the following comparison table of Cisco asa 5505,
5510 and ASA 5520.
Cisco ASA 5505 vs. ASA 5510 vs. ASA 5520
|
Cisco
ASA Model
|
ASA
5505 /Security Plus
|
ASA
5510 / Security Plus
|
ASA
5520
|
|
Stateful Inspection throughput (max1)
|
Up to 150 Mbps
|
Up to 300 Mbps
|
450 Mbps
|
|
Stateful Inspection throughput
(multiprotocol2)
|
-
|
-
|
-
|
|
Next-Generation throughput3(multiprotocol)
|
-
|
-
|
-
|
|
ASA IPS Throughput4
|
Up to 75 Mbps with AIP SSC-5
|
Up to 150 Mbps with AIP SSM-10; 300 Mbps
with AIP SSM-20
|
Up to 225 Mbps with AIP SSM-10; 375 Mbps
with AIP SSM-20; 450 Mbps with AIP SSM-40
|
|
Concurrent sessions
|
10,000 /25,000
|
50,000 /130,000
|
280,000
|
|
Connections per second
|
4,000
|
9,000
|
12,000
|
|
Packets per second (64 byte)
|
85,000
|
190,000
|
320,000
|
|
3DES/AES VPN throughput5
|
100 Mbps
|
170 Mbps
|
225 Mbps
|
|
Site-to-site and IPsec IKEv1 client
VPN user sessions
|
10/25
|
250
|
750
|
|
Cisco AnyConnect or Clientless VPN
User Sessions6 (AnyConnect license required)
|
25
|
250
|
750
|
|
Cisco Cloud Web Security users
|
25
|
75
|
300
|
|
VLANs
|
3 (trunking disabled) / 20 (trunking
enabled)
|
50 / 100
|
150
|
|
High-availability support7
|
Stateless Active/Standby Only*
|
Active/Acitve* and Active/Standby*
|
A/A and A/S
|
|
Integrated I/O
|
8-port FE with 2 Power over Ethernet
(PoE) ports
|
5-port FE / 2-port 10/100/1000, 3-port FE
|
4-port 10/100/1000 and 1-port FE
|
|
Expansion I/O
|
Not available
|
4-port 10/100/1000 or 4-port GE (SFP)
|
4-port 10/100/1000 or 4-port GE (SFP)
|
|
Dual power supplies
|
Not available
|
Not available
|
Not available
|
|
Power
|
AC/DC
|
AC/DC
|
AC/DC
|
Notes:
1Maximum throughput with UDP traffic measured under ideal test conditions
2Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4Firewall traffic that does not go through IPS service can have higher throughput.
5VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
62 AnyConnect Premium User Licenses are included by default
7A/A = Active/Active; A/S = Active/Standby
* Requires security plus license
1Maximum throughput with UDP traffic measured under ideal test conditions
2Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4Firewall traffic that does not go through IPS service can have higher throughput.
5VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
62 AnyConnect Premium User Licenses are included by default
7A/A = Active/Active; A/S = Active/Standby
* Requires security plus license
More
Related Cisco ASA Firewall Topics:
Thanks for sharing poe switches
ReplyDeleteSecurity is the main concern of every user as hacking is the source that can damage your account. In order to secure your account, you must have a 2fa and strong password. If you still suspect some unwanted issues, you can dial Binance helpdesk number which is always there to assist you. The professionals are always one more call away from you so; don’t get delayed in contacting them.The customer executive will provide germane solutions after going deep in your issue. Reaching the customer experts at any time over phone helps you in fixing your issue.
ReplyDelete