background image

 

 

© 2005 Cisco Systems, Inc. All rights reserved. 

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com. 

Page 9 of 20 

 
 

Feature 

 

Benefit

 

transparent bridging modes 

 

Gives administrators granular control over protocols, and provides custom regular expression matching tools for 
businesses to craft environment-specific signatures

 

 

Uses auto-update capability to download the latest threat information from Cisco.com (refer to Cisco Services for 
IPS for more information)

 

 

These features are available only when an AIP SSM is installed in a Cisco ASA 5500 Series appliance. 

Multi-Vector Threat 
Protection

 

 

Incorporates a variety of technologies to defend businesses from many popular forms of attacks, including DoS 
attacks, fragmented attacks, replay attacks, and malformed packet attacks 

 

Provides advanced attack protection features such as DNSGuard, FloodGuard, FragGuard, MailGuard, IPVerify, 
and TCP intercept to identify and stop a wide range of attacks

 

 

Delivers advanced TCP stream reassembly and traffic normalization services to assist in detecting hidden 
application and protocol layer attacks

 

URL Filtering

 

 

Enables robust employee Web usage management and control through integration with Websense- and Secure 
Computing/N2H2- based URL filtering solutions 

 

Supports HTTPS and FTP Web request filtering through enhanced Websense integration

 

ActiveX and Java Filtering

 

 

Provides optional filtering of ActiveX and Java applets to prevent downloads of malware and the resulting damage 
malware can create

 

Network Containment and Control Services

 

Stateful Inspection Firewall 
Services

 

 

Provides wide range of perimeter network security services to prevent unauthorized network access 

 

Delivers robust stateful inspection firewall services that track the state of all network communications

 

 

Provides flexible access-control capabilities for more than 100 predefined applications, services, and protocols, 
with the ability to define custom applications and services

 

 

Supports inbound and outbound access control lists (ACLs) for interfaces, time-based ACLs, and per-user or -
group policies for improved control over network and application usage

 

 

Simplifies management of security policies by giving administrators the ability to create reusable network and 
service object groups that can be referenced by multiple security policies, simplifying initial policy definition and 
ongoing policy maintenance

 

Access Control Services

 

 

Delivers a flexible solution for defining access control policies by including support for outbound ACLs (in addition 
to inbound ACLs), allowing access controls to be enforced as network traffic enters or exits an interface 

 

Gives administrators greater control over resource usage by defining time-based ACLs, when certain ACL entries 
are active, with custom time ranges applied to selected ACLs

 

 

Offers a convenient troubleshooting tool that allows administrators to test and fine-tune ACLs without the need to 
remove and replace ACL entries

 

 

Enables the creation of security policies based on interface name instead of IP address, a feature that is 
especially useful in broadband environments where the external interface is typically assigned a dynamic IP 
address

 

 

Provides powerful reporting and troubleshooting capabilities that help enable collection of detailed statistics on 
which ACL entries are triggered by network traffic attempting to traverse a security appliance

 

 

Gives precise control over which ACL entry-related syslog events are generated

 

 

Supports dynamic downloading and enforcement of ACLs on a per-user basis, upon user authentication with the 
firewall

 

Object Grouping

 

 

Enables administrators to group network objects (such as devices, networks, and services) into logical groups to 
greatly simplify access control rule definition and maintenance

 

NAT and PAT Services

 

 

Provides rich dynamic, static, and policy-based NAT and PAT services 

 

Simplifies deployment of Cisco ASA 5500 Series appliances by eliminating the requirement for address translation 
policies to be in place before allowing network traffic to flow—now, only hosts and networks that require address 
translation will need to have address translation policies configured

 

Summary of Contents for Cisco ASA 5500 Series

Page 1: ...network antivirus and IP Security Secure Sockets Layer IPSec SSL VPN technologies deliver robust application security user and application based access control worm and virus mitigation malware protection and remote user and site connectivity Extensible Adaptive Identification and Mitigation services architecture Taking advantage of a modular services processing and policy framework the Cisco Adap...

Page 2: ...k detection coupled with advanced analysis techniques resulting in highly accurate threat classification that helps ensure appropriate mitigation actions are taken with no impact on legitimate network traffic Advanced Detection Techniques To help ensure that threats do not go unnoticed the Cisco ASA 5500 Series offers numerous methods to identify policy violations anomalous activity and vulnerabil...

Page 3: ...ologies that deliver tailored solutions to suit connectivity requirements providing employees company managed desktops with robust customizable remote access through an IPSec VPN For situations where endpoints are not company managed such as extranets Internet kiosks or employee owned desktops the Cisco ASA 5500 Series delivers WebVPN for SSL based remote access Taking advantage of Cisco remote ac...

Page 4: ...ents that require simultaneous dual stack support of IPv4 and IPv6 Quality of Service QoS Low Latency Queuing LLQ and Traffic Policing features support applications with demanding QoS requirements such as voice or video helping ensure an end to end network QoS policy latency sensitive traffic can be prioritized ahead of file transfer and other more delay tolerant traffic IP phone zero touch provis...

Page 5: ...cess VPN capabilities Alternatively it serves equally well in the network interior for interdepartmental access control and to guard against worms viruses and other malicious code that internal users may unwittingly bring into a network In small business and branch office environments the Cisco ASA 5500 Series serves as an all in one solution offering comprehensive threat prevention and VPN servic...

Page 6: ...ty of desktop server and network security solutions to determine the actual attack path and provide mitigation options thus simplifying security incident management for environments where dedicated security analysts may not be available Additionally Cisco offers the CiscoWorks Security Information Management Solution CiscoWorks SIMS which is well suited for large enterprises and managed security s...

Page 7: ...e tracking response validation Multipurpose Internet Mail Extensions MIME type validation and content control Uniform Resource Identifier URI length enforcement and more Tunneling Application Control Provides advanced inspection services to detect and optionally block instant messaging peer to peer file sharing and other applications tunneling through Web application ports Blocks popular instant m...

Page 8: ...in real time networking environments TAPI JTAPI over CTIQBE Security Services Supports inspection of various Cisco TAPI and JTAPI based applications that use CTIQBE including Cisco IP SoftPhone and the Cisco Customer Response solution Fragmented and Segmented Multimedia Stream Inspection Enables inspection of H 323 SIP and SCCP based voice and multimedia streams that have been fragmented or segmen...

Page 9: ...ts inbound and outbound access control lists ACLs for interfaces time based ACLs and per user or group policies for improved control over network and application usage Simplifies management of security policies by giving administrators the ability to create reusable network and service object groups that can be referenced by multiple security policies simplifying initial policy definition and ongo...

Page 10: ...PN Client Available on wide range of platforms including Microsoft Windows 98 ME NT 2000 and XP Sun Solaris Intel based Linux distributions and Apple Macintosh OS X Provides many innovative features including dynamic security policy downloading from Cisco Easy VPN Server enabled products automatic failover to back up Easy VPN Servers administrator customizable distributions and more Integrates wit...

Page 11: ... of a system or network failure network sessions are automatically transitioned between firewalls with complete transparency to users Active Active Stateful Failover Provides a complementary solution to Active Standby failover where both systems in an Active Active failover pair actively pass network traffic simultaneously effectively doubling the throughput of the failover pair for bursty network...

Page 12: ...ath routes Routing Information Protocol RIP Dynamic Routing Enables secure integration in RIP based enterprise networks by learning routing updates for both versions 1 and 2 of the protocol Protects against RIP based reconnaissance activities and DoS attacks by supporting plaintext and keyed MD5 authentication methods for RIPv2 Multicast Routing Streamlines the delivery of multimedia traffic in vi...

Page 13: ...l user database or through integration with enterprise databases either directly using TACACS and RADIUS or indirectly with Cisco Secure Access Control Server ACS Supports up to 16 levels of customizable administrative roles so that businesses can grant administrators and operations personnel the appropriate level of access to each appliance for example monitoring only access read only access to t...

Page 14: ...configuration data certificates and key material stored on Cisco ASA 5500 Series appliances by automatically wiping flash memory contents if an asset recovery or password reset procedure occurs if preconfigured to do so Scheduled System Reloads Allows administrators to schedule a reload on a Cisco ASA 5500 Series appliance either at a specific time or at an offset from the current time making it s...

Page 15: ... a Security Plus license This license increases port density on the platform by enabling the fourth Fast Ethernet port and removing the restriction on the out of band management port so that it can be repurposed to a general traffic port if desired Integration into switched network environments is simplified with this license as support for up to 10 VLANs is enabled Furthermore this upgrade licens...

Page 16: ...products listed in Table 3 for site to site VPN connectivity Table 3 Site to Site VPN Compatibility Between Cisco ASA 5500 Series and VPN Products VPN Gateway Versions Supported Cisco ASA 5500 Series Appliances Cisco ASA Software Version 7 0 1 and later Cisco IOS Software Routers Cisco IOS Software Release 12 1 6 T and later Cisco PIX Security Appliances Cisco PIX Security Appliance Software Versi...

Page 17: ...forms Supported Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive Security Appliance Cisco ASA 5540 Adaptive Security Appliance Minimum RAM Cisco ASA 5510 256 MB Cisco ASA 5520 512 MB Cisco ASA 5540 1024 MB Minimum System Flash Memory 64 MB Expansion Cards Supported Cisco AIP SSM AIP SSM 10 AIP SSM 20 ORDERING INFORMATION To place an order visit the Cisco Ordering Home Page or ref...

Page 18: ...sion 7 0 Cisco Adaptive Security Device Manager Version 5 0 SERVICE AND SUPPORT Cisco offers a wide range of services programs to accelerate customer success These innovative service programs are delivered through a unique combination of people processes tools and partners resulting in high levels of customer satisfaction Cisco services help you protect your network investment optimize network ope...

Page 19: ...ssia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2005 Cisco Systems Inc All rights reserved CCSP CCVP the Cisco Square Bridge logo Follow Me Browsing and StackWise are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn and iQuick Stu...

Page 20: ... 2005 Cisco Systems Inc All rights reserved Important notices privacy statements and trademarks of Cisco Systems Inc can be found on cisco com Page 20 of 20 ...

Reviews: