Cisco Cisco ASA 5500 Series, Техническое описание

Страница: 4 / 20

© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 4 of 20
•
Robust security and performance—Branch and remote offices extend a company’s reach into important markets and locations. Cisco ASA 5500
Series-based VPN solutions help enable secure, high-speed communications between multiple locations, offering the performance, reliability, and
availability that businesses need to communicate.
Intelligent Network Integration
The Cisco ASA 5500 Series takes advantage of more than 20 years of Cisco networking leadership and innovation, and delivers a wide range of
intelligent networking services for seamless integration into today’s diverse network environments. Key network integration services include:
•
Layer 2 transparent firewall—Provides the ability to rapidly deploy Cisco ASA 5500 Series appliances into existing networks without requiring
any addressing changes, and delivers high-performance stealth Layers 2–7 security services and provides protection against network layer attacks
with integration in complex routing, high-availability, and multicast environments.
•
Services virtualization—Enables the logical partitioning of a single Cisco ASA 5500 Series appliance into multiple virtual firewalls, each with its
own unique policies and administration; this capability is ideal for enterprises consolidating multiple firewalls into a single Cisco ASA 5500
Series appliance, or for service providers that offer managed firewall or hosting services.
•
Standard 802.1q-based VLAN support—Provides easy integration into switched network environments.
•
Open Shortest Path First (OSPF) dynamic routing services—Improve networking resiliency by detecting network outages within seconds, and
routing around them.
•
Protocol Independent Multicast (PIM) Sparse Mode v2 and bidirectional PIM routing support—Provide secure delivery of mission-critical
real-time enterprise applications, collaborative computing applications, and streaming multimedia services.
•
IPv6 support—Allows secure deployment of next-generation IPv6 networks, as well as hybrid environments that require simultaneous, dual-stack
support of IPv4 and IPv6.
•
Quality of Service (QoS)—Low-Latency Queuing (LLQ) and Traffic Policing features support applications with demanding QoS requirements,
such as voice or video, helping ensure an end-to-end network QoS policy; latency-sensitive traffic can be prioritized ahead of file transfer and
other more delay-tolerant traffic.
•
IP phone “zero-touch provisioning” services—Simplifies IP phone deployments by helping the phones register with the correct Cisco
CallManager systems and download any additional configuration information and software images.
•
Resilient architecture—Provides businesses with both stateful Active/Active and Active/Standby high-availability services, as well as VPN
device clustering, to help maximize throughput and network uptime; the Cisco ASA 5500 Series also supports “zero-downtime software
upgrades,” which allow businesses to install software maintenance releases on failover pairs without affecting connections or network uptime;
additionally, integrated dynamic load-balancing capabilities provide high session scalability and resiliency for remote-access VPN deployments.
UNIQUE ADAPTIVE IDENTIFICATION AND MITIGATION SERVICES ARCHITECTURE
Through its unique Adaptive Identification and Mitigation services architecture, the Cisco ASA 5500 Series brings a new level of security and policy
control to networks (Figure 1). The AIM architecture allows businesses to adapt and extend the security services profile of the Cisco ASA 5500
Series through highly customizable flow-specific security policies that tailor security needs to application requirements while providing performance
and security service extensibility through user-installable SSMs. This adaptable architecture enables businesses deploy security services when and
where they are needed, such as tailoring inspection techniques to specific application and user needs or adding additional intrusion prevention and
anti-x services such as those delivered by the Adaptive Inspection and Prevention (AIP) SSM. Furthermore, the AIM architecture enables the
integration of future threat identification and mitigation services, further extending the outstanding investment protection provided by the Cisco
ASA 5500 Series, and allowing businesses to adapt their network defenses to new threats as they arise.