© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 11 of 20
Feature
Benefit
Site-to-Site VPN Services
•
Extends networks securely over the Internet by helping ensure data privacy, data integrity, and strong
authentication to remote networks, with support for up to 5000 simultaneous remotely connected sites
(on
Cisco
ASA 5540 appliances that have a VPN Premium license)
•
Supports Internet Key Exchange (IKE) and IPSec VPN standards with hub-and-spoke or meshed VPN
configurations
•
Improves network reliability and performance through support of OSPF dynamic routing and reverse-route
injection over site-to-site VPN tunnels
X.509 Certificate and
Certificate Revocation
List
(CRL) Support
•
Supports Simple Certificate Enrollment Protocol (SCEP)-based enrollment and manual enrollment with leading
X.509 solutions from Baltimore, Cisco, Entrust, iPlanet/Netscape, Microsoft, RSA, and VeriSign
•
Interoperates with large-scale PKI deployments through n-tiered certificate hierarchy support
•
Delivers the ability to manually enroll into X.509 certificate authorities through support for Public Key Cryptography
Standard (PKCS) #10 formatted certificate requests
•
Enables the manual importing of certificates using PKCS #7, and importing certificates with private keys using
PKCS #12
•
Supports a variety of RSA (Rivest, Shamir, Adelmen) key sizes ranging up to 4096 bits
•
Includes support for DSA (Digital Signature Algorithm)-based X.509 certificates with key sizes ranging up to
1024
bits
High-Availability Services
Active/Standby Stateful
Failover
•
Leverages the award-winning stateful failover capabilities of the Cisco PIX Security Appliances to ensure resilient
network protection for enterprise network environments
•
Cisco ASA 5500 Series appliances that are configured as a failover pair continuously synchronize their connection
state and device configuration data. In the event of a system or network failure, network sessions are
automatically transitioned between firewalls, with complete transparency to users
Active/Active Stateful
Failover
•
Provides a complementary solution to Active/Standby failover, where both systems in an Active/Active failover pair
actively pass network traffic simultaneously—effectively doubling the throughput of the failover pair for bursty
network traffic conditions
•
Supports bidirectional state sharing between Active/Active failover pair members for support of advanced network
environments with asymmetric routing topologies, allowing flows to enter through one Cisco ASA 5500 Series
appliance and exit through the other, if required
VPN Stateful Failover
•
Maximizes VPN connection uptime with new Active/Standby stateful failover for VPN connections
•
Synchronizes all security association state information and session key material between failover pair members,
providing a highly resilient VPN solution
LAN-Based Failover
•
Enables geographic separation of Cisco ASA 5500 Series appliances in a failover pair by allowing failover
information to be shared over a dedicated LAN connection between failover pair members
Zero-Downtime Software
Upgrades
•
Enables businesses to perform software maintenance release upgrades on Cisco ASA 5500 Series appliance
failover pairs without affecting network uptime or connections
Intelligent Networking Services
Security Contexts
•
Enables creation of multiple security contexts (virtual firewalls) within a single Cisco ASA 5500 Series appliance,
with each context having its own set of security policies, logical interfaces, and administrative domains
•
Supports four licensed levels of security contexts: 5, 10, 20, and 50 (the maximum number of contexts supported
is based on the Cisco ASA 5500 Series model)
•
Provides businesses a convenient way of consolidating multiple firewalls into a single physical appliance or
failover pair, while retaining the ability to separately manage each of these virtual instances
•
Enables service providers to deliver resilient multi-tenant firewall services with a pair of redundant appliances
This feature is licensed separately.