Cisco Systems Cisco PIX 500 User manual

Brand: Cisco Systems

Model: Cisco PIX 500

Category: Hardware firewalls

Type: User manual

This manual is also suitable for

PIX 500

At-A-Glance

Upsell Guide—

Migrating Cisco PIX Requests to Cisco ASA 5500 Sales

Cisco

ASA 5500 Series Adaptive Security Appliances deliver more security

capabilities, higher performance, and greater expansion opportunities than Cisco

PIX

500 Series Security Appliances. Migrate customers requesting a Cisco PIX

appliance to Cisco ASA 5500 appliances today to enable them to benefit from

converged, multifunction security and VPN services within a single platform.

Cisco ASA 5500 Benefits over Cisco PIX 500

Delivers a Greater Functional Set Relative to Cisco PIX 500 Series

• SSLVPNservicesincludedwitheachCiscoASA5500Seriesappliance

• High-availabilitysupportavailableonallCiscoASA5500Seriesmodels

• Additionalsecurityservicesavailable,includingAnti-XandIPS

Flexible Deployment Options

Customizedproducteditionstailoredtoaddressspecificneeds:

• FirewallEdition

• IntrusionPreventionSystem(IPS)Edition

• Anti-XEdition

• SSL/IPsecVPNEdition

Better Price and Performance Compared to Similar Cisco PIX Models

• Startingfrom150Mbpsfirewalland100MbpsIPsecVPNforenterprise

teleworkermodel

• High-performanceIPSandAnti-Xservices

• PricesstartatthesamepricepointasCiscoPIXforsimilarmodels

Questions to Migrate Cisco PIX Requests to Cisco ASA 5500 Sales

What security capabilities are you looking to add to your network? Cisco ASA 5500

Series can provide:

• Firewall:ProvidestrustedfirewallbuiltuponCiscoPIXtechnology.

• VPN:Providesthreat-protectedVPNbuiltuponCiscoVPN3000technology.

FirstsolutiontooffercomprehensiveSSLandIPsecVPNservicesonthe

sameplatform.

• Anti-X:Offerscomprehensiveantivirus,anti-spyware,fileblocking,anti-spam,anti-

phishing,URLblockingandfiltering,andcontentfilteringfeaturesthroughpartner-

shipwithTrendMicro.

• IPS:Providesproactive,full-featuredintrusionpreventionservicestostopawide

rangeofthreats.

How do you combat worms and viruses in your network?

• TheCiscoASA5500SeriesAnti-XEditionprotectsusersfromInternetthreatsand

connectsremotesitessecurelywithanti-X,firewallandVPNservices.

How do you secure remote workers who are accessing your network?

• TheCiscoASA5500Seriesprovidesfullysecured,highlycustomizableaccess

foranyuserfromanylocationonasingledeviceandmanagementinfrastructure.

How do you plan to secure your IP communications network?

• TheCiscoASA5500Seriesoffersasuiteofvoicefeatures,enablingsecurityfor

thevoiceinfrastructure,callcontrol,andendpointsforVoIPnetworks.

0 50 100 150 200 250 300

Mbps

Sample Firewall Performance Comparisons

PIX 515E

ASA 5510

PIX 501

ASA 5505

1.5x

At-A-Glance

Upsell Guide—

Migrating Cisco PIX Requests to Cisco ASA 5500 Sales

Cisco PIX Upsell to Cisco ASA 5500 Series

Firewall IPS Anti-X VPN

Cisco PIX Security

Appliance Model

Cisco ASA 5500

Series Part Numbers

PC Connection

Part Numbers

Cisco ASA 5500 Description

Cisco PIX 501

10 Users

ASA5505-K8 7220495 CiscoASA5505FirewallEdition,10-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,DES

ASA5505-BUN-K9 7190126 CiscoASA5505FirewallEdition,10-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5505-50-BUN-K9 7190151 CiscoASA5505FirewallEdition,50-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5505-SSL10-K9 7190337 CiscoASA5505SSL/IPsecVPNEdition,10IPsecVPNand10SSLVPNpeers,firewallservices,8-portFastEthernetswitch

Cisco PIX 501

50 Users

ASA5505-50-BUN-K9 7190151 CiscoASA5505FirewallEdition,50-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5505-UL-BUN-K9 7190214 CiscoASA5505FirewallEdition,Unlimited-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5505-SSL10-K9 7190337 CiscoASA5505SSL/IPsecVPNEdition,10IPsecVPNand10SSLVPNpeers,firewallservices,8-portFastEthernetswitch

Cisco PIX 501

Unlimited Users

ASA5505-UL-BUN-K9 7190214 CiscoASA5505FirewallEdition,Unlimited-user,8-portFastEthernetswitch,10IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5505-SEC-BUN-K9 7190231 CiscoASA5505FirewallEdition,Unlimited-userSecurityPlus,8-portFastEthernetswitch,25IPsecVPNand2SSLVPNpeers,DMZ,stateless

Active/Standbyhighavailability,3DES/AES

ASA5505-SSL10-K9 7190337 CiscoASA5505SSL/IPsecVPNEdition,10IPsecVPNand10SSLVPNpeers,firewallservices,8-portFastEthernetswitch

Cisco PIX 506E

Active/Standbyhighavailability,3DES/AES

ASA5505-SSL25-K9 7190353 CiscoASA5505SSL/IPsecVPNEdition,25IPsecVPNand25SSLVPNpeers,firewallservices,8-portFastEthernetswitch,SecurityPluslicense

ASA5510-K8 5942929 CiscoASA5510FirewallEdition,3FastEthernetports,250IPsecVPNand2SSLVPNpeers,DES

ASA5510-BUN-K9 5822708 CiscoASA5510FirewallEdition,3FastEthernetports,250IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5510-AIP10-K9 5822732 CiscoASA5510IPSEdition,AIP-SSM-10,firewallservices,250IPsecVPNand2SSLVPNpeers,3FastEthernetports

ASA5510-CSC10-K9 6519524 CiscoASA5510Anti-XEdition,CSC-SSM-10,50-userantivirus/anti-spywarewith1-yrsubscription,firewallservices,250IPsecVPNand2SSLVPN

peers,3FastEthernetports

ASA5510-CSC20-K9 6574136 CiscoASA5510Anti-XEdition,CSC-SSM-20,500-userantivirus/anti-spywarewith1-yrsubscription,firewallservices,250IPsecVPNand2SSLVPN

peers,3FastEthernetports

ASA5510-SSL50-K9 6574101 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand50SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL100-K9 6574110 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand100SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL250-K9 6574128 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand250SSLVPNpeers,firewallservices,3FastEthernetports

Cisco PIX 515E R/DMZ

ASA5510-K8 5942929 CiscoASA5510FirewallEdition,3FastEthernetports,250IPsecVPNand2SSLVPNpeers,DES

ASA5510-BUN-K9 5822708 CiscoASA5510FirewallEdition,3FastEthernetports,250IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5510-SEC-BUN-K9 5822724 CiscoASA5510FirewallEdition,SecurityPlus,5FastEthernetports,250IPsecVPNand2SSLVPNpeers,Active/Standbyhighavailability,3DES/AES

ASA5510-AIP10-K9 5822732 CiscoASA5510IPSEdition,AIP-SSM-10,firewallservices,250IPsecVPNand2SSLVPNpeers,3FastEthernetports

peers,3FastEthernetports

ASA5510-SSL50-K9 6574101 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand50SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL100-K9 6574110 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand100SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL250-K9 6574128 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand250SSLVPNpeers,firewallservices,3FastEthernetports

At-A-Glance

Upsell Guide—

Migrating Cisco PIX Requests to Cisco ASA 5500 Sales

Cisco PIX 515E

UR/FO/FO-AA

ASA5510-AIP10-K9 5822732 CiscoASA5510IPSEdition,AIP-SSM-10,firewallservices,250IPsecVPNand2SSLVPNpeers,3FastEthernetports

peers,3FastEthernetports

ASA5510-SSL50-K9 6574101 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand50SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL100-K9 6574110 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand100SSLVPNpeers,firewallservices,3FastEthernetports

ASA5510-SSL250-K9 6574128 CiscoASA5510SSL/IPsecVPNEdition,250IPsecVPNand250SSLVPNpeers,firewallservices,3FastEthernetports

Cisco PIX 520

(End of Life as of

June 2006)

ASA5520-K8 – CiscoASA5520FirewallEdition,4GigabitEthernetports+1FastEthernetinterface,750IPsecVPNand2SSLVPNpeers,Active/Activeand

Active/Standbyhighavailability,DES

ASA5520-BUN-K9 – CiscoASA5520FirewallEdition,4GigabitEthernetports+1FastEthernetinterface,750IPsecVPNand2SSLVPNpeers,Active/Activeand

Active/Standbyhighavailability,3DES/AES

ASA5520-AIP10-K9 – CiscoASA5520IPSEdition,AIP-SSM-10,firewallservices,750IPsecVPNand2SSLVPNpeers,4GigabitEthernetports,1FastEthernetinterface

ASA5520-AIP20-K9 – CiscoASA5520IPSEdition,AIP-SSM-20,firewallservices,750IPsecVPNand2SSLVPNpeers,4GigabitEthernetports,1FastEthernetinterface

ASA5520-CSC10-K9 – CiscoASA5520Anti-XEdition,CSC-SSM-10,50-userantivirus/anti-spywarewith1-yrsubscription,firewallservices,750IPsecVPNand2SSLVPN

peers,4GigabitEthernetports,1FastEthernetinterface

ASA5520-CSC20-K9 – CiscoASA5520Anti-XEdition,CSC-SSM-20,500-userantivirus/anti-spywarewith1-yrsubscription,firewallservices,750IPsecVPNand2SSLVPN

peers,4GigabitEthernetports,1FastEthernetinterface

ASA5520-SSL500-K9 6621351 CiscoASA5520SSL/IPsecVPNEdition,750IPsecVPNand500SSLVPNpeers,firewallservices,4GigabitEthernetports,1FastEthernetinterface

Cisco PIX 525R

Active/Standbyhighavailability,DES

Active/Standbyhighavailability,3DES/AES

peers,4GigabitEthernetports,1FastEthernetinterface

Cisco PIX 525

UR/FO/FO-AA

Active/Standbyhighavailability,DES

Active/Standbyhighavailability,3DES/AES

peers,4GigabitEthernetports,1FastEthernetinterface

At-A-Glance

Upsell Guide—

Migrating Cisco PIX Requests to Cisco ASA 5500 Sales

ASA5540-K8 6605511 CiscoASA5540FirewallEdition,4GigabitEthernetports+1FastEthernetinterface,5000IPsecVPNand2SSLVPNpeers,DES

ASA5540-BUN-K9 5822783 CiscoASA5540FirewallEdition,4GigabitEthernetports+1FastEthernetinterface,5000IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5540-AIP20-K9 5822804 CiscoASA5540IPSEdition,AIP-SSM-20module,Firewallservices,5000IPsecVPNand2SSLVPNpeers,4GigabitEthernetports,1FastEthernetinterface

ASA5540-SSL1000-K9 6653547 CiscoASA5540SSL/IPsecVPNEdition,5000IPsecVPNand1000SSLVPNpeers,firewallservices,4GigabitEthernetports,1FastEthernetinterface

ASA5540-SSL2500-K9 6653555 CiscoASA5540SSL/IPsecVPNEdition,5000IPsecVPNand2500SSLVPNpeers,firewallservices,4GigabitEthernetports,1FastEthernetinterface

Cisco PIX 535

ASA5550-K8 6772781 CiscoASA5550FirewallEdition,8GigabitEthernetports+1FastEthernetinterface,4GigabitSFPports,5000IPsecVPNand2SSLVPNpeers,DES

ASA5550-BUN-K9 6772802 CiscoASA5550FirewallEdition,8GigabitEthernetports+1FastEthernetinterface,4GigabitSFPports,5000IPsecVPNand2SSLVPNpeers,3DES/AES

ASA5550-SSL2500-K9 6772811 CiscoASA5550SSL/IPsecVPNEdition,5000IPsecVPNand2500SSLVPNpeers,firewallservices,8GigabitEthernetports,1FastEthernetinterface

ASA5550-SSL5000-K9 6772829 CiscoASA5550SSL/IPsecVPNEdition,5000IPsecVPNand5000SSLVPNpeers,firewallservices,8GigabitEthernetports,1FastEthernetinterface

Product Specifications

Cisco ASA 5505 Cisco ASA 5510 Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550

Users and nodes

10,50,orunlimited Unlimited Unlimited Unlimited Unlimited

Firewall throughput

Upto150Mbps Upto300Mbps Upto450Mbps Upto650Mbps Upto1.2Gbps

Concurrent threat

mitigation throughput

(firewall + IPS services)

Notavailable Upto150MbpswithCiscoASA

5500SeriesAdvancedInspection

andPreventionSecurityServices

Module(AIPSSM)10(partnumber

AIP-SSM-10);Upto300Mbpswith

CiscoASA5500SeriesAIPSSM20

(partnumberAIP-SSM-20)

Upto225MbpswithAIP-SSM-10;

Upto375MbpswithAIP-SSM-20

Upto450MbpswithAIP-SSM-20 Notavailable

3DES/AES VPN throughput

Upto100Mbps Upto170Mbps Upto225Mbps Upto325Mbps Upto360Mbps

IPsec VPN peers

10;25* 250 750 5000 5000

SSL VPN peers*

(included/maximum)

2/25 2/250 2/750 2/2500 2/5000

Concurrent sessions

10,000;25,000* 50,000;130,000* 280,000 400,000 650,000

New sessions per second

3,000 6,000 9,000 20,000 28,000

Integrated network ports

8-portFastEthernetswitch

(including2PoEports)

5FastEthernetports 4GigabitEthernetportsplus

1FastEthernetport

4GigabitEthernetportsplus

1FastEthernetport

8GigabitEthernetports,SFPfiber,

and1FastEthernetport

Virtual interfaces (VLANs)

3(trunkingdisabled)/

20*(trunkingenabled)

50/100* 150 200 250

Security contexts

(included/maximum)

0/0 0/0(Base);2/5(SecurityPlus) 2/20 2/50 2/50

High availability

Notsupported;

statelessActive/Standby*

Notsupported;Active/Activeand

Active/Standby*

Active/ActiveandActive/Standby Active/ActiveandActive/Standby Active/ActiveandActive/Standby

Expansion slot

1,SSC 1,SSM 1,SSM 1,SSM 0

*Availablethroughanupgradelicense

Copyright © 2007 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. C45-388594-00 01/07

ACRONYMS

SSC:SecurityServicesCard,SSM:SecurityServicesModule,AIP-SSM:AdvancedInspectionandPreventionSecurityServicesModule,CSC-SSM:ContentSecurityandControlSecurityServicesModule,4GE-SSM: 4GigabitEthernetSecurityServicesModule