Adaptive Security Appliance and ASA 5500-X Series Next-Generation Firewall
Cisco ASA5515-K9
ALL LICENSES
Cisco Adaptive Security Appliance Software Version 9.5(2)2
Device Manager Version 7.6(1)
Security Plus License
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
Carrier : Enabled perpetual
AnyConnect Premium Peers : 250 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Enabled perpetual
Total UC Proxy Sessions : 500 perpetual
Botnet Traffic Filter : Enabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 4 perpetual
This platform has an ASA 5515 Security Plus license.
+
Brackest
+
Power lead (UK order only)
3 available, 1 has interface card blank (ASA-IC-A-BLANK) missing.
Check the photo 5.
The auction is for 1
Full working order
364 day warranty
asa# show ver
Cisco Adaptive Security Appliance Software Version 9.5(2)2
Device Manager Version 7.6(1)
Compiled on Tue 22-Dec-15 10:06 PST by builders
System image file is "disk0:/asa952-2-smp-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
ASA: 3598 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is 4c00.821d.c64d, irq 11
1: Ext: GigabitEthernet0/0 : address is 4c00.821d.c651, irq 10
2: Ext: GigabitEthernet0/1 : address is 4c00.821d.c64e, irq 10
3: Ext: GigabitEthernet0/2 : address is 4c00.821d.c652, irq 5
4: Ext: GigabitEthernet0/3 : address is 4c00.821d.c64f, irq 5
5: Ext: GigabitEthernet0/4 : address is 4c00.821d.c653, irq 10
6: Ext: GigabitEthernet0/5 : address is 4c00.821d.c650, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is 4c00.821d.c64d, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
Carrier : Enabled perpetual
AnyConnect Premium Peers : 250 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Enabled perpetual
Total UC Proxy Sessions : 500 perpetual
Botnet Traffic Filter : Enabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 4 perpetual
This platform has an ASA 5515 Security Plus license.
Product Overview
Your
small offices or branch locations require the best network security
available. An integrated solution that is easy to deploy and manage
improves IT efficiency. Affordable pricing and the ability to scale as
necessary are other important product benefits. You get all that and
more with the Cisco® ASA
5505 Adaptive Security Appliance and ASA 5500-X Series Next-Generation
Firewalls. These multifaceted security products include the world’s most
proven stateful inspection firewallwith a comprehensive suite of highly
integrated next-generation firewall services for networks of all sizes.
These firewalls are used and trusted by small and midsize businesses
with one or a few locations, large enterprises, service providers, and
mission-critical data centers.
Enterprise class security. Cisco MultiScale® performance,
providing the ability to deliver multiple security services at scale.
Unprecedented services flexibility. Modular scalability. Feature
extensibility. And lower deployment and operational costs. All of these
features and benefits add up to tremendous value in the Cisco ASA 5505
Adaptive Security Appliance and ASA 5500-X Series Next-Generation
Firewalls. Available in a wide range of sizes and performance levels to
fit your network, budget, and evolving security needs, all models
deliver the same proven level of security that protects the networks of
some of the largest and most security-conscious companies in the world.
They also provide the visibility and control you need to take advantage
of new applications and devices without compromising security.
Cisco ASA 5512-X and 5515-X Adaptive Security Appliances
The
Cisco ASA 5512-X and 5515-X Adaptive Security Appliances combine the
most widely deployed stateful inspection firewall in the industry with a
comprehensive suite of next-generation network security services for
comprehensive security without compromise. They provide multiple
security services and redundant power supplies and help enable
consistent security enforcement throughout the organization. In addition
to comprehensive stateful inspection firewall capabilities, the Cisco
ASA 5512-X and 5515-X Adaptive Security Appliances optionally provide
broad and deep network security through an array of integrated cloud-
and software-based security services, including Cisco Application
Visibility and Control (AVC), web security, Cisco Cloud Web Security
(CWS), and the only context-aware intrusion prevention system (IPS) -
all with no need for additional hardware modules.
The
Cisco ASA 5512-X and ASA 5515-X Adaptive Security Appliances are part
of the Cisco ASA 5500-X Series Next-Generation Firewalls, which is built
on the same proven security platform as the rest of the Cisco ASA
Family of firewalls and delivers exceptional application visibility and
control along with superior performance and operational efficiency. The
Cisco ASA 5512-X and 5515-X Adaptive Security Appliances are designed to
meet evolving security needs by providing, among other things,
innovative next-generation firewall services that make it possible to
take advantage of new applications and devices without compromising
security.
Unlike
other next-generation firewalls, the Cisco ASA 5500-X Series
Next-Generation Firewalls keep pace with rapidly evolving needs by
offering end-to-end network intelligence gained from combining the
visibility from local traffic with in-depth global network intelligence
using:
● Cisco TrustSec® technology
● Cisco AnyConnect® Secure Mobility Solution for unique mobile client insight
● Cisco Security Intelligence Operations (SIO) for near-real-time threat information and proactive protection
● Cisco ASA Next-Generation Firewall Services
With
up to 1.2 Gbps of firewall throughput, 250,000 concurrent firewall
connections, 15,000 connections per second, and 6 integrated Gigabit
Ethernet interfaces, the Cisco ASA 5512-X and ASA 5515-X Adaptive
Security Appliances are excellent choices for businesses requiring a
high-performance, cost-effective, and extensible security solution with
exceptional application visibility and control that can grow as your
needs change.
Cisco ASA 5505 Adaptive Security Appliance
The
Cisco ASA 5505 is a full-featured firewall for small business, branch,
and enterprise teleworker environments. It delivers high-performance
firewall, SSL and IPsec VPN, and rich networking services in a modular,
immediately operational appliance. Using the integrated graphical Cisco
Adaptive Security Device Manager (ASDM), the Cisco ASA 5505 can be
rapidly deployed and easily managed, helping businesses reduce
operational costs. It features a flexible 8-port 10/100 Fast Ethernet
switch whose ports can be dynamically grouped to create up to three
separate VLANs for home, business, and Internet traffic for improved
network segmentation and security. The Cisco ASA 5505 provides two Power
over Ethernet (PoE) ports, simplifying the deployment of Cisco IP
phones with highly secure zero-touch voice over IP (VoIP) capabilities,
as well as the deployment of external wireless access points for
extended network mobility. A high-performance intrusion prevention and
worm mitigation service is available with the addition of the Advanced
Inspection and Prevention Security Services Card (AIP SSC). Multiple USB
ports can be used to implement additional services and capabilities as
they are needed.
As
business needs grow, customers can install a Security Plus upgrade
license, The Cisco ASA 5505 can then scale to support a higher
connection capacity and up to 25 IPsec VPN users, add full DMZ support,
and integrate into switched network environments through VLAN trunking
support. Furthermore, this upgrade license improves business continuity
by helping to enable support for redundant ISP connections and stateless
active/standby high-availability services.
Businesses
can also extend the Cisco ASA 5505’s VPN service by enabling Cisco
AnyConnect client and clientless VPN remote access to support various
mobile workers and business partners. Cisco Secure Remote Access
Solution deployments can scale to serve up to 25 AnyConnect or
clientless VPN concurrent users on each Cisco ASA 5505 by installing an
Essential or a Premium Cisco AnyConnect VPN license.
This
combination of market-leading security and VPN services, advanced
networking features, flexible remote management capabilities, and future
extensibility makes the Cisco ASA 5505 an excellent choice for
businesses requiring a best-in-class small business, branch, or
enterprise teleworker security solution.
Table
1 compares the features and capacities of the Cisco ASA 5500 and ASA
5500-X platforms for small offices and branch locations.
Table 1. Cisco
ASA 5500 Adaptive Security Appliance and ASA 5500-X Series
Next-Generation Firewalls for Small Offices and Branch Locations
Feature | Cisco ASA 5505; SecurityPlus | Cisco ASA 5512-X; Security Plus | Cisco ASA 5515-X |
| | | |
Stateful inspection throughput (maximum1) | Up to 150 Mbps | 1 Gbps | 1.2 Gbps |
Stateful inspection throughput (multiprotocol2) | - | 500 Mbps | 600 Mbps |
IPS throughput3 | Up to 75 Mbps with AIP‑SSC-5 | 250 Mbps (extra hardware not required) | 400 Mbps (extra hardware not required) |
Next-generation throughput4(multiprotocol) | - | 200 Mbps | 350 Mbps |
3DES/AES VPN throughput5 | Up to 100 Mbps | 200 Mbps | 250 Mbps |
Users or nodes | Unlimited | Unlimited | Unlimited |
IPsec VPN peers | 25* | 250 | 250 |
Cisco Cloud Web Security users | 25 | 2000 | 3000 |
Premium AnyConnect VPN peers(included/maximum) | 2/25 | 2/250 | 2/250 |
Concurrent connections | 10,000; 25,000* | 100,000 | 250,000 |
New connections per second | 4000 | 10,000 | 15,000 |
Virtual interfaces (VLANs) | 3 (trunking disabled)/ 20 (trunking enabled)* | 50; 100 | 100 |
Security contexts (included/maximum)6 | Not available | 0,0; 2,5 | 2,5 |
High availability | Not supported* | Not supported; active/active and active/standby** | Active/active and active/standby |
Expansion slot | 1 SSC | 1 interface card | 1 interface card |
User-accessible flash slot | - | No | No |
USB 2.0 ports | 3 (1 on front, 2 on rear) | 2 | 2 |
Integrated I/O | 8 Fast Ethernet with 2 PoE ports | 6 GE copper | 6 GE copper |
Expansion I/O | - | 6 GE Copper or 6 GE SFP | 6 GE Copper or 6 GE SFP |
Serial ports | 1 RJ-45 console | 1 RJ-45 console | 1 RJ-45 console |
Solid state drive | - | 1 slot, 120 GB MLC SED | 1 slot, 120 GB MLC SED |
Memory | 512 MB | 4 GB | 8 GB |
Minimum system flash | 128 MB | 4 GB | 8 GB |
System bus | Multibus architecture | Multibus architecture | Multibus architecture |
Temperature | 32 to 104°F (0 to 40°C) | 23 to 104°F (-5 to 40°C) | 23 to 104°F (-5 to 40°C) |
Relative humidity | 5 to 95 percent noncondensing | 10 to 90 percent noncondensing | 10 to 90 percent noncondensing |
Altitude | Designed and tested for 0 to 9840 ft (3000 m); agency approved for 2000 m | Designed and tested for 0 to 15,000 ft (4572 m) | Designed and tested for 0 to 15,000 ft (4572 m) |
Shock | 1.14 m/sec (45 in./sec) 1/2 sine input | 70G, 4.22 m/sec | 70G, 4.22 m/sec |
Vibration | 0.41 Grms2 (3 to 500 Hz) random input | 0.41 Grms2 (3 to 500 Hz) random input | 0.41 Grms2 (3 to 500 Hz) random input |
Acoustic noise | 60 dBa max | 64.2 dBa max | 64.2 dBa max |
Temperature | -13 to 158ºF (-25 to 70ºC) | -13 to 158ºF (-25 to 70ºC) | -13 to 158ºF (-25 to 70ºC) |
Relative humidity | 5 to 95 percent noncondensing | 10 to 90 percent noncondensing | 10 to 90 percent noncondensing |
Altitude | 0 to 15,000 ft (4570m) | Designed and tested for 0to 15,000 ft (4570m) | Designed and tested for 0to 15,000 ft (4570m) |
Shock | 30G | 70G, 4.22 m/sec | 70G, 4.22 m/sec |
Vibration | 0.41 Grms2 (3 to 500 Hz) random input | 1.12 Grms2 (3 to 500 Hz) random input | 1.12 Grms2 (3 to 500 Hz) random input |
AC range line voltage | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC |
AC normal line voltage | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC |
AC current | 1.8A | 4.85A | 4.85A |
AC frequency | 50/60 Hz | 50/60 Hz | 50/60 Hz |
Dual-power supplies | None | None | None |
DC domestic line voltage | See the ASA 5500 Series Hardware Installation Guide | -40.5 to 56 VDC (-48 VDC nominal) | -40.5 to 56 VDC (-48 VDC nominal) |
DC international line voltage | See the ASA 5500 Series Hardware Installation Guide | -55 to -72 VDC (-60 VDC nominal) | -55 to -72 VDC (-60 VDC nominal) |
DC current | See the ASA 5500 Series Hardware Installation Guide | 15A (maximum input) | 15A (maximum input) |
Steady state | 20W | 51W | 65W |
Maximum peak | 96W | 56W | 70W |
Maximum heat dissipation | 72 BTU/hr | 192 BTU/hr | 239 BTU/hr |
Form factor | Desktop | 1RU, 19-in. rack-mountable | 1RU, 19-in. rack-mountable |
Dimensions (HxW x D) | 1.75 x 7.89 x 6.87 in. (4.45x 20.04 x 17.45 cm) | 1.67 x 16.7 x 15.6 In (4.24x 42.9 x 39.5 cm) | 1.67 x 16.7 x 15.6 In (4.24x 42.9 x 39.5 cm) |
Weight (with AC power supply) | 4.0 lb (1.8 kg) | 13.39 lb (6.07 kg) | 13.39 lb (6.07 kg) |
Safety | UL 60950, CSA C22.2 No. 60950, EN 60950 IEC 60950, AS/NZS60950 | IEC 60950-1: 2005, 2ndEdition EN 60950-1:2006+A11: 2009 UL 60950-1:2007, 2ndEdition; CSA C22.2 No. 60950-1-07, 2nd Edition | IEC 60950-1: 2005, 2nd Edition EN 60950-1:2006+A11: 2009 UL 60950-1:2007, 2nd Edition; CSA C22.2 No. 60950-1-07, 2ndEdition |
Electromagnetic compatibility (EMC) | CE marking, FCC Part 15 Class B, AS/NZS CISPR22 Class B, VCCI Class B, EN55022 Class B, CISPR22 ClassB, EN61000-3-2, EN61000-3-3 | CE: EN55022 2006+A1: 2007 Class A; EN55024 1998+A1:2001+A2:2003; EN61000-3-2 2009; EN61000-3-3 2008; FCC: CFR 47, Part 15 Subpart B Class A 2010, ANSI C63.4 2009; ICES-003 ISSUE 4 FEBRUARY.2004; VCCI: V-3/2011.04; C-TICK: AS/NZS CISPR 22,2009 KC: KN22 & KN24 | CE: EN55022 2006+A1: 2007 Class A; EN55024 1998+A1: 2001+A2:2003; EN61000-3-2 2009; EN61000-3-3 2008; FCC: CFR 47, Part 15 Subpart B Class A 2010, ANSI C63.4 2009; ICES-003 ISSUE 4 FEBRUARY.2004; VCCI: V-3/2011.04; C-TICK: AS/NZS CISPR 22,2009 KC: KN22 & KN24 |
Industry certifications | FIPS 140-2 Level 2 In
process: Common Criteria EAL4+ US DoD Application-Level Firewall for
Medium-Robustness Environments, and Common Criteria EAL4 for IPsec/SSL
VPN | In process | In process |
1 Maximum throughput measured with UDP traffic under ideal conditions.
2 Multiprotocol
= Traffic profile consisting primarily of TCP-based
protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and
DNS.
3 Firewall traffic that does not go through the IPS service can have higher throughput.
4 Throughput
was measured using Cisco ASA CX Software Release 9.1.1 with
multiprotocol traffic profile with both AVC and WSE. Traffic logging was
enabled as well.
5 VPN
throughput and sessions count depend on the ASA device configuration
and VPN traffic patterns. These elements should be taken into
consideration as part of your capacity planning.
6 Separately licensed feature; includes two SSL licenses with base system.