Cisco ASA 5510 Model

The Cisco ASA 5510 model is designed to deliver advanced security services for small and medium-sized businesses and enterprise branch offices. This model provides advanced firewall and VPN capabilities and has optional Anti-X (Adaptive Threat Defense) and IPS services that use the Cisco AIP-SSM-10 module.

Figure 3-1 shows a front view of the Cisco ASA 5510 model.

Figure 3-1. Cisco ASA 5510 Front View

The front panel has the following five LEDs:

  1. Power: Solid green indicates that the appliance is powered on.
  2. Status: Flashing green indicates that the system is booting and power-up tests are running. Solid green indicates that the system tests passed and the system is operational. Solid amber indicates that the system tests failed.
  3. Active: Flashing green indicates network activity.
  4. VPN: Solid green indicates that one or more VPN tunnels are active.
  5. Flash: Solid green indicates that the Flash memory card is being accessed.

The three ASA models, 5510, 5520, and 5540, offer a one-rack unit (1RU) design. They also have an expansion slot for security-services modules. Figure 3-2 shows a back view of the Cisco ASA 5510 model.

Figure 3-2. Cisco ASA 5510 Back View

The Power, Status, Active, VPN, and Flash LEDs are also present on the back of the Cisco ASA 5510. The Cisco ASA 5510 includes five integrated 10/100 Fast Ethernet network interfaces. Three of these five Fast Ethernet ports (0 to 2) are enabled by default. The fifth interface is reserved for out-of-band (OOB) management. The Security Plus license allows you to enable the fourth Fast Ethernet port, and it also removes the restriction on the OOB port. Therefore, you can use all five Fast Ethernet interfaces for through traffic and apply security services to them.

Note

The OOB Ethernet port restriction is removed with the Security Plus license; however, it is highly recommended that you use this port solely for OOB management.

Each Fast Ethernet port has an activity LED and a link LED:

The Cisco ASA 5510 Security Plus license enables Cisco ASA 5510 to provide VLAN support on switched networks (up to 10 VLANs). The Security Plus upgrade license also provides a greater number of concurrent virtual private network (VPN) connections for remote users and site-to-site connections.

Note

Similar to the Cisco PIX firewalls, Cisco ASA requires a unique license key to enable certain features. This license key is a 40-digit hexadecimal number represented in 5 tuples (set of fixed-length data types). The security appliance allows an administrator to enter the license key by using the activation-key command.

The output of the show version command includes information about the license installed on the Cisco ASA. The following is an example of the output:

    Cisco Adaptive Security Appliance Software Version 7.0(1)
    Device Manager Version 5.0(1)
    Compiled on Thu 31-Mar-05 14:37 by builders
    System image file is "disk0:/ASA701.bin"
    Config file at boot was "startup-config"
    ASA-5510-A up 4 days 5 hours
    Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
    Internal ATA Compact Flash, 64MB
    BIOS Flash AT49LW080: @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
    Boot microcode : CNlite-MC-Boot-Cisco-1.2
    SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
    IPSec microcode : CNlite-MC-IPSECm-MAIN-2.03
    0: Ext: Ethernet0/0 : media index 0: irq 9
    1: Ext: Ethernet0/1 : media index 1: irq 9
    2: Ext: Ethernet0/2 : media index 2: irq 9
    3: Ext: Not licensed : media index 3: irq 9
    4: Ext: Management0/0 : media index 4: irq 11
    5: Int: Not licensed : media index 0: irq 11
    6: Int: Not licensed : media index 5: irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces : 4
    Maximum VLANs : 0
    Inside Hosts : Unlimited
    Failover : Disabled
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    Security Contexts : 0
    GTP/GPRS : Disabled
    VPN Peers : 50
    This platform has a Base license.
    Serial Number: JMX0921L03L
    Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8 0xc222eabf
    Configuration register is 0x1
    Configuration last modified by enable_15 at 07:22:28.233 UTC Wed Jun 15 2005

The highlighted lines show the license (features) enabled on the Cisco ASA version.
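An added example, not from the original text or from Cisco: a Python parser for the licensing section of the show version output above. It checks that the activation key is five 8-digit hexadecimal words (40 digits) and compares the licensed features with an assumed site policy. The function names and the policy are hypothetical; the sample text is an excerpt of the output shown above.

```python
import re

# Excerpt of the show version output above, one field per line.
SHOW_VERSION = """\
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs : 0
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 50
This platform has a Base license.
Serial Number: JMX0921L03L
Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8 0xc222eabf
"""

KEY_WORD = re.compile(r"0x[0-9a-fA-F]{8}")

def parse_license(text):
    """Return the licensed features, license tier and activation key words."""
    info = {"features": {}, "tier": None, "key": None}
    in_features = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Licensed features for this platform"):
            in_features = True
        elif m := re.match(r"This platform has an? (.+) license", line):
            info["tier"], in_features = m.group(1), False
        elif line.startswith("Running Activation Key:"):
            words = line.split(":", 1)[1].split()
            # 5 tuples of 8 hex digits = the 40-digit key described in the text
            if len(words) != 5 or not all(KEY_WORD.fullmatch(w) for w in words):
                raise ValueError("malformed activation key: %r" % line)
            info["key"] = words
        elif in_features and ":" in line:
            name, value = (part.strip() for part in line.rsplit(":", 1))
            info["features"][name] = value
    return info

def audit(info):
    """List features that differ from an assumed (hypothetical) site policy."""
    policy = {"VPN-3DES-AES": "Enabled", "Failover": "Enabled"}
    return [f"{k}: want {v}, have {info['features'].get(k)}"
            for k, v in policy.items() if info["features"].get(k) != v]
```

Run against the Base-license excerpt, audit(parse_license(SHOW_VERSION)) reports only the disabled failover feature.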

The RJ-45 console port allows you to physically connect to the appliance to access its command-line interface (CLI) for initial configuration. The AUX (auxiliary) port allows you to connect an external modem for OOB management. The Flash card slot allows you to use an external Flash card to save system images and configuration files.

Two USB ports in the back of all Cisco ASA models are designed for future features. The Reset button is a multifunction switch. It provides the following functionality:

Table 3-1 lists the capabilities of the Cisco ASA 5510 appliance, as well as performance and connection limit numbers.

Table 3-1. Cisco ASA 5510 Model Capabilities

| Description | Without Security Plus License | With Security Plus License |
|---|---|---|
| Firewall throughput | Up to 300 Mbps | Up to 300 Mbps |
| 3DES/AES IPSec VPN throughput | Up to 170 Mbps | Up to 170 Mbps |
| Connections | 32,000 | 64,000 |
| IPSec VPN peers | 50 | 150 |
| WebVPN peers | 50 | 150 |
| Interfaces | Three Fast Ethernet ports for security services and one OOB management port | Five Fast Ethernet ports for security services (including the OOB management port) |
| Virtual interfaces (VLANs) | 0 | 10 |
| High availability | | Active/Standby |

Note

Performance numbers vary depending on the packet size and other applications running on the appliance.

Note

For more information about licensing, go to http://www.cisco.com/go/asa.

Note

The Cisco ASA 5510 model does not support virtualization (security contexts).

For a complete list of all product part numbers, see the Cisco ASA 5500 Series platform data sheet at http://www.cisco.com/go/asa.
