background image

 

 

© 2005 Cisco Systems, Inc. All rights reserved. 

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com. 

Page 11 of 20 

 
 

Feature 

 

Benefit

 

Site-to-Site VPN Services

 

 

Extends networks securely over the Internet by helping ensure data privacy, data integrity, and strong 
authentication to remote networks, with support for up to 5000 simultaneous remotely connected sites 
(on

 

Cisco

 

ASA 5540 appliances that have a VPN Premium license) 

 

Supports Internet Key Exchange (IKE) and IPSec VPN standards with hub-and-spoke or meshed VPN 
configurations

 

 

Improves network reliability and performance through support of OSPF dynamic routing and reverse-route 
injection over site-to-site VPN tunnels

 

X.509 Certificate and 
Certificate Revocation 
List

 

(CRL) Support

 

 

Supports Simple Certificate Enrollment Protocol (SCEP)-based enrollment and manual enrollment with leading 
X.509 solutions from Baltimore, Cisco, Entrust, iPlanet/Netscape, Microsoft, RSA, and VeriSign 

 

Interoperates with large-scale PKI deployments through n-tiered certificate hierarchy support

 

 

Delivers the ability to manually enroll into X.509 certificate authorities through support for Public Key Cryptography 
Standard (PKCS) #10 formatted certificate requests

 

 

Enables the manual importing of certificates using PKCS #7, and importing certificates with private keys using 
PKCS #12

 

 

Supports a variety of RSA (Rivest, Shamir, Adelmen) key sizes ranging up to 4096 bits

 

 

Includes support for DSA (Digital Signature Algorithm)-based X.509 certificates with key sizes ranging up to 
1024

 

bits

 

High-Availability Services

 

Active/Standby Stateful 
Failover

 

 

Leverages the award-winning stateful failover capabilities of the Cisco PIX Security Appliances to ensure resilient 
network protection for enterprise network environments 

 

Cisco ASA 5500 Series appliances that are configured as a failover pair continuously synchronize their connection 
state and device configuration data. In the event of a system or network failure, network sessions are 
automatically transitioned between firewalls, with complete transparency to users

 

Active/Active Stateful 
Failover

 

 

Provides a complementary solution to Active/Standby failover, where both systems in an Active/Active failover pair 
actively pass network traffic simultaneously—effectively doubling the throughput of the failover pair for bursty 
network traffic conditions 

 

Supports bidirectional state sharing between Active/Active failover pair members for support of advanced network 
environments with asymmetric routing topologies, allowing flows to enter through one Cisco ASA 5500 Series 
appliance and exit through the other, if required

 

VPN Stateful Failover

 

 

Maximizes VPN connection uptime with new Active/Standby stateful failover for VPN connections 

 

Synchronizes all security association state information and session key material between failover pair members, 
providing a highly resilient VPN solution

 

LAN-Based Failover

 

 

Enables geographic separation of Cisco ASA 5500 Series appliances in a failover pair by allowing failover 
information to be shared over a dedicated LAN connection between failover pair members

 

Zero-Downtime Software 
Upgrades

 

 

Enables businesses to perform software maintenance release upgrades on Cisco ASA 5500 Series appliance 
failover pairs without affecting network uptime or connections

 

Intelligent Networking Services

 

Security Contexts

 

 

Enables creation of multiple security contexts (virtual firewalls) within a single Cisco ASA 5500 Series appliance, 
with each context having its own set of security policies, logical interfaces, and administrative domains 

 

Supports four licensed levels of security contexts: 5, 10, 20, and 50 (the maximum number of contexts supported 
is based on the Cisco ASA 5500 Series model)

 

 

Provides businesses a convenient way of consolidating multiple firewalls into a single physical appliance or 
failover pair, while retaining the ability to separately manage each of these virtual instances

 

 

Enables service providers to deliver resilient multi-tenant firewall services with a pair of redundant appliances

 

 

This feature is licensed separately. 

Содержание Cisco ASA 5500 Series

Страница 1: ...network antivirus and IP Security Secure Sockets Layer IPSec SSL VPN technologies deliver robust application security user and application based access control worm and virus mitigation malware protection and remote user and site connectivity Extensible Adaptive Identification and Mitigation services architecture Taking advantage of a modular services processing and policy framework the Cisco Adap...

Страница 2: ...k detection coupled with advanced analysis techniques resulting in highly accurate threat classification that helps ensure appropriate mitigation actions are taken with no impact on legitimate network traffic Advanced Detection Techniques To help ensure that threats do not go unnoticed the Cisco ASA 5500 Series offers numerous methods to identify policy violations anomalous activity and vulnerabil...

Страница 3: ...ologies that deliver tailored solutions to suit connectivity requirements providing employees company managed desktops with robust customizable remote access through an IPSec VPN For situations where endpoints are not company managed such as extranets Internet kiosks or employee owned desktops the Cisco ASA 5500 Series delivers WebVPN for SSL based remote access Taking advantage of Cisco remote ac...

Страница 4: ...ents that require simultaneous dual stack support of IPv4 and IPv6 Quality of Service QoS Low Latency Queuing LLQ and Traffic Policing features support applications with demanding QoS requirements such as voice or video helping ensure an end to end network QoS policy latency sensitive traffic can be prioritized ahead of file transfer and other more delay tolerant traffic IP phone zero touch provis...

Страница 5: ...cess VPN capabilities Alternatively it serves equally well in the network interior for interdepartmental access control and to guard against worms viruses and other malicious code that internal users may unwittingly bring into a network In small business and branch office environments the Cisco ASA 5500 Series serves as an all in one solution offering comprehensive threat prevention and VPN servic...

Страница 6: ...ty of desktop server and network security solutions to determine the actual attack path and provide mitigation options thus simplifying security incident management for environments where dedicated security analysts may not be available Additionally Cisco offers the CiscoWorks Security Information Management Solution CiscoWorks SIMS which is well suited for large enterprises and managed security s...

Страница 7: ...e tracking response validation Multipurpose Internet Mail Extensions MIME type validation and content control Uniform Resource Identifier URI length enforcement and more Tunneling Application Control Provides advanced inspection services to detect and optionally block instant messaging peer to peer file sharing and other applications tunneling through Web application ports Blocks popular instant m...

Страница 8: ...in real time networking environments TAPI JTAPI over CTIQBE Security Services Supports inspection of various Cisco TAPI and JTAPI based applications that use CTIQBE including Cisco IP SoftPhone and the Cisco Customer Response solution Fragmented and Segmented Multimedia Stream Inspection Enables inspection of H 323 SIP and SCCP based voice and multimedia streams that have been fragmented or segmen...

Страница 9: ...ts inbound and outbound access control lists ACLs for interfaces time based ACLs and per user or group policies for improved control over network and application usage Simplifies management of security policies by giving administrators the ability to create reusable network and service object groups that can be referenced by multiple security policies simplifying initial policy definition and ongo...

Страница 10: ...PN Client Available on wide range of platforms including Microsoft Windows 98 ME NT 2000 and XP Sun Solaris Intel based Linux distributions and Apple Macintosh OS X Provides many innovative features including dynamic security policy downloading from Cisco Easy VPN Server enabled products automatic failover to back up Easy VPN Servers administrator customizable distributions and more Integrates wit...

Страница 11: ... of a system or network failure network sessions are automatically transitioned between firewalls with complete transparency to users Active Active Stateful Failover Provides a complementary solution to Active Standby failover where both systems in an Active Active failover pair actively pass network traffic simultaneously effectively doubling the throughput of the failover pair for bursty network...

Страница 12: ...ath routes Routing Information Protocol RIP Dynamic Routing Enables secure integration in RIP based enterprise networks by learning routing updates for both versions 1 and 2 of the protocol Protects against RIP based reconnaissance activities and DoS attacks by supporting plaintext and keyed MD5 authentication methods for RIPv2 Multicast Routing Streamlines the delivery of multimedia traffic in vi...

Страница 13: ...l user database or through integration with enterprise databases either directly using TACACS and RADIUS or indirectly with Cisco Secure Access Control Server ACS Supports up to 16 levels of customizable administrative roles so that businesses can grant administrators and operations personnel the appropriate level of access to each appliance for example monitoring only access read only access to t...

Страница 14: ...configuration data certificates and key material stored on Cisco ASA 5500 Series appliances by automatically wiping flash memory contents if an asset recovery or password reset procedure occurs if preconfigured to do so Scheduled System Reloads Allows administrators to schedule a reload on a Cisco ASA 5500 Series appliance either at a specific time or at an offset from the current time making it s...

Страница 15: ... a Security Plus license This license increases port density on the platform by enabling the fourth Fast Ethernet port and removing the restriction on the out of band management port so that it can be repurposed to a general traffic port if desired Integration into switched network environments is simplified with this license as support for up to 10 VLANs is enabled Furthermore this upgrade licens...

Страница 16: ...products listed in Table 3 for site to site VPN connectivity Table 3 Site to Site VPN Compatibility Between Cisco ASA 5500 Series and VPN Products VPN Gateway Versions Supported Cisco ASA 5500 Series Appliances Cisco ASA Software Version 7 0 1 and later Cisco IOS Software Routers Cisco IOS Software Release 12 1 6 T and later Cisco PIX Security Appliances Cisco PIX Security Appliance Software Versi...

Страница 17: ...forms Supported Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive Security Appliance Cisco ASA 5540 Adaptive Security Appliance Minimum RAM Cisco ASA 5510 256 MB Cisco ASA 5520 512 MB Cisco ASA 5540 1024 MB Minimum System Flash Memory 64 MB Expansion Cards Supported Cisco AIP SSM AIP SSM 10 AIP SSM 20 ORDERING INFORMATION To place an order visit the Cisco Ordering Home Page or ref...

Страница 18: ...sion 7 0 Cisco Adaptive Security Device Manager Version 5 0 SERVICE AND SUPPORT Cisco offers a wide range of services programs to accelerate customer success These innovative service programs are delivered through a unique combination of people processes tools and partners resulting in high levels of customer satisfaction Cisco services help you protect your network investment optimize network ope...

Страница 19: ...ssia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2005 Cisco Systems Inc All rights reserved CCSP CCVP the Cisco Square Bridge logo Follow Me Browsing and StackWise are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn and iQuick Stu...

Страница 20: ... 2005 Cisco Systems Inc All rights reserved Important notices privacy statements and trademarks of Cisco Systems Inc can be found on cisco com Page 20 of 20 ...

Отзывы: