|
|
|
|
Cisco ASA 5540 Firewall Edition includes 4 Gigabit Ethernet interfaces + 1 Fast Ethernet interface, 5000 IPSec VPN peers, 2 SSL VPN peers, 3DES/AES license.
Data Sheet
CISCO ASA 5540 ADAPTIVE SECURITY APPLIANCE
The Cisco ASA 5540 Adaptive Security Appliance delivers high-performance, high-density security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized and large enterprise and service-provider networks, in a reliable, modular appliance. With four Gigabit Ethernet interfaces and support for up to 100 VLANs, businesses can use the Cisco ASA 5540 to segment their network into numerous zones for improved security. The Cisco ASA 5540 Adaptive Security Appliance scales with businesses as their network security requirements grow, delivering exceptional investment protection and services scalability. The advanced network and application-layer security services and anti-X defenses provided by the Cisco ASA 5540 Adaptive Security Appliance can be extended by deploying the AIP-SSM for high-performance intrusion prevention and worm mitigation. Businesses can scale their IPSec and SSL VPN capacity through multiple means to support a larger number of mobile workers, remote sites, and business partners. Businesses can scale up to 2500 SSL VPN peers on each Cisco ASA 5540 by installing an SSL VPN upgrade license; 5000 IPSec VPN peers are supported on the base platform. VPN capacity and resiliency can also be increased by taking advantage of the integrated VPN clustering and load-balancing capabilities of the Cisco ASA 5540 Adaptive Security Appliance. The Cisco ASA 5540 supports up to 10 appliances in a cluster, supporting a maximum of 25,000 SSL VPN peers or 50,000 IPSec VPN peers per cluster. Using the optional security context capabilities of the Cisco ASA 5540 Adaptive Security Appliance, businesses can deploy up to 50 virtual firewalls within an appliance to enable compartmentalized control of security policies on a per-department or per-customer basis, and deliver reduced overall management and support costs.
Cisco ASA 5540 Adaptive Security Appliance Platform Capabilities and Capacities
Feature |
Description |
Firewall Throughput |
Up to 650 Mbps |
Concurrent Threat Mitigation Throughput (firewall + IPS services) |
Up to 450 Mbps with AIP-SSM-20 |
VPN Throughput |
Up to 325 Mbps |
Concurrent Sessions |
400,000 |
IPSec VPN Peers |
5000 |
SSL VPN Peer License Levels* |
10, 25, 50, 100, 250, 500, 750, 1000, and 2500 |
Security Contexts |
Up to 50* |
Interfaces |
4 Gigabit Ethernet ports and 1 Fast Ethernet port |
Virtual interfaces (VLANs) |
100 |
Scalability |
VPN clustering and load balancing |
High Availability |
Active/Active, Active/Standby |
Cisco® ASA 5500 Series adaptive security appliances are purpose-built solutions that combine best-of-breed security and VPN services with the innovative Cisco Adaptive Identification and Mitigation (AIM) architecture. Designed as a core component of the Cisco Self-Defending Network, the Cisco ASA 5500 Series provides proactive threat defense that stops attacks before they spread through the network, controls network activity and application traffic, and delivers flexible VPN connectivity. The result is a powerful multifunction network security appliance family that provides the security breadth and depth for protecting small and medium-sized business and enterprise networks while reducing the overall deployment and operations costs and complexities associated with providing this new level of security.
The Cisco ASA 5500 Series delivers a powerful combination of multiple market-proven technologies in a single platform, making it operationally and economically feasible for organizations to deploy comprehensive security services to more locations. The multifunction security profile of the Cisco ASA 5500 Series virtually eliminates the difficult-and risky-decision of making trade-offs between robust security protection and the operational costs associated with multiple devices in numerous locations.
The Cisco ASA 5500 Series helps businesses more effectively and efficiently protect their networks while delivering exceptional investment protection through the following key elements:
• Market-proven security and VPN capabilities-Full-featured, high-performance firewall, intrusion prevention system (IPS), anti-X, and IP Security/Secure Sockets Layer (IPSec/SSL) VPN technologies deliver robust application security, user- and application-based access control, worm and virus mitigation, malware protection, content filtering, and remote user/site connectivity.
• Extensible Adaptive Identification and Mitigation services architecture-Built on a modular services processing and policy framework, the Cisco ASA 5500 Series AIM architecture enables the application of specific security or network services on a per-traffic-flow basis, delivering highly granular policy controls and anti-X protection with streamlined traffic processing. The efficiencies of the AIM architecture, together with the software and hardware extensibility available in user-installable Cisco ASA 5500 Series security services modules (SSMs), enable the evolution of existing services as well as the deployment of new services without requiring a platform replacement or performance compromise. As the foundation of the Cisco ASA 5500 Series, the AIM architecture enables highly customizable security policies and unprecedented services extensibility to help protect against fast-evolving threats.
• Reduced deployment and operations costs-The multifunction Cisco ASA 5500 Series allows for platform, configuration, and management standardization, helping to decrease the costs of deployment and ongoing operations.
INTRODUCING THE CISCO ASA 5500 SERIES
The Cisco ASA 5500 Series includes the Cisco ASA 5510, 5520, 5540, and 5550 adaptive security appliances-three purpose-built, high-performance security solutions that take advantage of Cisco Systems® expertise in developing industry-leading, award-winning security and VPN solutions. The series integrates the latest technologies from Cisco PIX® 500 Series security appliances, Cisco IPS 4200 Series sensors, and Cisco VPN 3000 Series concentrators. By combining these technologies, the Cisco ASA 5500 Series delivers an unmatched, best-of-breed solution that stops the broadest range of threats and provides businesses with flexible, secure connectivity options. As a core component of Cisco Adaptive Threat Defense and Unified Secure Access strategies, the Cisco ASA 5500 Series brings together a wide range of security and VPN technologies to provide rich application security, anti-X defenses, network containment and control, and secure connectivity.
The extensible Cisco AIM services architecture and the flexible multiprocessor design of the Cisco ASA 5500 Series enable the adaptive security appliances to provide unprecedented performance for multiple concurrent security services while delivering exceptional investment protection. The Cisco ASA 5500 Series Adaptive Security Appliances combine multiple high-performance processors that work in concert to deliver advanced firewall services, intrusion prevention services (IPS), anti-X/content security services, IPSec and SSL VPN services, and more. Businesses can add other high-performance security services by installing Cisco ASA 5500 Series security services modules-such as the Advanced Inspection and Prevention Security Services Module (AIP-SSM) for intrusion prevention services, or the Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) for advanced anti-X services. This flexible design makes the Cisco ASA 5500 Series uniquely capable of adapting to new threats, protecting against the fast-evolving threat environment, and providing exceptional investment protection through its use of programmable hardware to "future-proof" the platform for years to come. The combination of these high-performance, market-proven security and VPN capabilities, along with integrated Gigabit Ethernet connectivity and a diskless, flash-based architecture, make the Cisco ASA 5500 Series an ideal choice for businesses requiring a best-in-class security solution with high performance, flexibility, reliability, and investment protection.
All Cisco ASA 5500 Series appliances include maximum IPSec VPN users on the base system; SSL VPN is licensed and purchased separately. By converging IPSec and SSL VPN services with comprehensive threat defense technologies, the Cisco ASA 5500 Series provides highly customizable network access tailored to meet the requirements of diverse deployment environments while providing a fully secured VPN with complete endpoint and network-level security.
Characteristics of Cisco ASA 5500 Series Adaptive Security Appliances
|
Cisco ASA 5510 |
Cisco ASA 5520 |
Cisco ASA 5540 |
Cisco ASA 5550 |
|
|
|
|
|
Users/nodes |
Unlimited |
Unlimited |
Unlimited |
Unlimited |
Firewall throughput |
Up to 300 Mbps |
Up to 450 Mbps |
Up to 650 Mbps |
Up to 1.2 Gbps |
Concurrent threat mitigation throughput (firewall + IPS services) |
Up to 150 Mbps with AIP-SSM-10 |
Up to 225 Mbps with AIP-SSM-10
Up to 375 Mbps with AIP-SSM-20 |
Up to 450 Mbps with AIP-SSM-20 |
Not available |
3DES/AES VPN throughput |
Up to 170 Mbps |
Up to 225 Mbps |
Up to 325 Mbps |
Up to 425 Mbps |
IPSec VPN peers |
250 |
750 |
5000 |
5000 |
SSL VPN peers* (included/maximum) |
2/250 |
2/750 |
2/2500 |
2/5000 |
Concurrent sessions |
50,000; 130,000* |
280,000 |
400,000 |
650,000 |
New sessions/second |
6000 |
9000 |
20,000 |
28,000 |
Integrated network ports |
3 Fast Ethernet + 1 management port; 5 Fast Ethernet ports* |
4 Gigabit Ethernet, 1 Fast Ethernet |
4 Gigabit Ethernet, 1 Fast Ethernet |
8 Gigabit Ethernet, 4 SFP fiber, 1 Fast Ethernet |
Virtual interfaces (VLANs) |
10; 25* |
100 |
200 |
200 |
Security contexts (included/maximum) |
0/0 |
2/10 |
2/50 |
2/50 |
High availability |
Not supported; Active/Standby* |
Active/Active and Active/Standby |
Active/Active and Active/Standby |
Active/Active and Active/Standby |
SSM expansion slot |
1 |
1 |
1 |
0 |
User-accessible flash slot |
1 |
1 |
1 |
1 |
USB 2.0 ports |
2 |
2 |
2 |
2 |
Serial ports |
2 RJ-45, console and auxiliary |
2 RJ-45, console and auxiliary |
2 RJ-45, console and auxiliary |
2 RJ-45, console and auxiliary |
Technical Specifications |
|
Memory |
256 MB |
512 MB |
1024 MB |
4096 MB |
Minimum system flash |
64 MB |
64 MB |
64 MB |
64 MB |
System bus |
Multibus architecture |
Multibus architecture |
Multibus architecture |
Multibus architecture |
Environmental Operating Ranges |
Operating |
Temperature |
32 to 104ºF (0 to 40ºC) |
Relative humidity |
5 to 95 percent noncondensing |
Altitude |
0 to 9840 ft (3000 m) |
Shock |
1.14 m/sec (45 in./sec) 1/2 sine input |
Vibration |
0.41 Grms2 (3 to 500 Hz) random input |
Acoustic noise |
60 dBa max |
Nonoperating |
Temperature |
-13 to 158ºF (-25 to 70ºC) |
Relative humidity |
5 to 95 percent noncondensing |
Altitude |
0 to 15,000 ft (4570 m) |
Shock |
30 G |
Vibration |
0.41 Grms2 (3 to 500 Hz) random input |
Power |
Input (per power supply) |
Range line voltage |
100 to 240 VAC |
Normal line voltage |
100 to 240 VAC |
Current |
3A |
Frequency |
47 to 63 Hz, single-phase |
Output |
Steady state |
150W |
Maximum peak |
190W |
Maximum heat dissipation |
648 BTU/hr |
Physical Specifications |
Form factor |
1 RU, 19-in. rack-mountable |
Dimensions (H x W x D) |
1.75 x 17.5 x 13.2 in. |
Weight (with power supply) |
20.0 lb (9.07 kg) |
22.0 lb (10 kg) |
Regulatory and Standards Compliance |
Safety |
UL 1950, CSA C22.2 No. 950, EN 60950 IEC 60950, AS/NZS3260, TS001 |
Electromagnetic compatibility (EMC) |
CE marking, FCC Part 15 Class A, AS/NZS 3548 Class A, VCCI Class A, EN55022 Class A, CISPR22 Class A, EN61000-3-2, EN61000-3-3 |
Industry Certifications |
ICSA Firewall, ICSA IPSec, FIPS 140-2 Level 2, NEBS Level 3 |
|
|
|
|
|
|
|