ASA Model Comparison
Posted on Monday, April 20, 2009
This article was posted in Security
| Cisco ASA 5500 Series Model/License | 5505 Base/Security Plus | 5510 Base/Security Plus | 5520 | 5540 | 5550 |
| Cisco Adaptive Security Appliance Software Version (latest) | 7.2.2 | 7.2.2 | 7.2.2 | 7.2.2 | 7.2.2 |
| Market | Small Business, Branch Office, Enterprise Teleworker | SMB and Small Enterprise | Small Enterprise | Medium Enterprise | Large Enterprise |
| Performance Summary | |||||
| Maximum firewall throughput (Mbps) | 150 | 300 | 450 | 650 | 1200 |
| Maximum 3DES/AES VPN throughput (Mbps) | 100 | 170 | 225 | 325 | 425 |
| Maximum site-to-site and remote access VPN user sessions | 25-Oct | 250 | 750 | 5,000 | 5,000 |
| Maximum SSL VPN user sessions1 | 25 | 250 | 750 | 2,500 | 5,000 |
| Maximum connections | 10,000/25,000 | 50,000/130,000 | 280,000 | 400,000 | 650,000 |
| Maximum connections/second | 3,000 | 6,000 | 9,000 | 20,000 | 28,000 |
| Packets per second (64 byte) | 85,000 | 190,000 | 320,000 | 500,000 | 600,000 |
| Technical Summary | |||||
| Memory (MB) | 256 | 256 | 512 | 1024 | 4096 |
| System flash (MB) | 64 | 64 | 64 | 64 | 64 |
| Integrated ports | 8 port 10/100 switch with 2 Power over Ethernet ports | 5-10/100 | 4-10/100/1000, | 4-10/100/1000, | 8-10/100/1000, |
| 1-10/100 | 1-10/100 | 1-10/100 | |||
| Maximum virtual interfaces (VLANs) | 3 (trunking disabled) / 20 (trunking enabled) | 50/100 | 150 | 200 | 250 |
| SSC/SSM expansion slot | Yes (SSC) | Yes (SSM) | Yes (SSM) | Yes (SSM) | No |
| SSC/SSM Capabilities | |||||
| SSC/SSMs supported | Future, SSC | CSC-SSM, AIP-SSM, 4GE-SSM | CSC-SSM, AIP-SSM, 4GE-SSM | CSC-SSM, AIP-SSM, 4GE-SSM | No |
| Intrusion Prevention | Not available | Yes (with AIP-SSM) | Yes (with AIP-SSM) | Yes (with AIP-SSM) | No |
| Concurrent threat mitigation throughput (Mbps) (firewall + IPS services) | Not available | 150 (with AIP-SSM-10) | 225 (with AIP-SSM-10) | 450 (with AIP-SSM-20) | Not available |
| 300 (with AIP-SSM-20) | 375 (with AIP-SSM-20) | ||||
| Anti-X (anti-virus, anti-spyware, file blocking, anti-spam, anti-phishing, and URL filtering) | Not available | Yes (with CSC-SSM) | Yes (with CSC-SSM) | Yes (with CSC-SSM) | Not available |
| Maximum number of users for anti-virus, anti-spyware, file blocking (CSC-SSM only) | Not available | 500 (CSC-SSM-10) | 500 (CSC-SSM-10) | 500 (CSC-SSM-10) | Not available |
| 1000 (CSC-SSM-20) | 1000 (CSC-SSM-20) | 1000 (CSC-SSM-20) | |||
| CSC SSM Plus License features | Not available | Anti-spam, anti-phishing, URL filtering | Anti-spam, anti-phishing, URL filtering | Anti-spam, anti-phishing, URL filtering | Not available |
| Features | |||||
| Application-layer security | Yes | Yes | Yes | Yes | Yes |
| Layer 2 transparent firewalling | Yes | Yes | Yes | Yes | Yes |
| Security contexts (included/maximum)3 | 0/0 | 0/0 / 2/5 | 20-Feb | Feb-50 | Feb-50 |
| GTP/GPRS inspection3 | Not available | Not available | Yes | Yes | Yes |
| High availability support4 | Not supported / Stateless A/S | Not supported / A/A and A/S | A/A and A/S | A/A and A/S | A/A and A/S |
| IPSec and WebVPN services | Yes | Yes | Yes | Yes | Yes |
| VPN clustering and load balancing | Not available | Not available | Yes | Yes | Yes |
| 1Beginning with Cisco ASA Software v7.1, SSL VPN (Web VPN) capability requires a license. Systems include 2 SSL VPN users by default for evaluation and remote management purposes | |||||
| 2 Dedicated out-of-band (OOB) management port (will not route any traffic through the Cisco ASA 5510 Adaptive Security Appliance) | |||||
| 3 Licensed features | |||||
| 4 A/S = Active/Standby; A/A = Active/Active | |||||