Cisco ASA 5500 Series Business Edition Solution Overview

Solution Overview
Cisco ASA 5500 Series Business Edition
Cisco ASA 5500 Series Business Edition Provides an All-in-One Security Solution
The Cisco® ASA 5500 Series Business Edition is an enterprise-strength comprehensive security
solution that combines market-leading firewall, VPN, and optional content security capabilities, so
you can feel confident your business is protected. This easy-to-use solution lets you control access
to network resources to protect business data and maximize network uptime. Employee
productivity is increased by controlling file sharing, instant messaging, spam, phishing, and other
emerging threats. IT resources are freed from virus eradication and system cleanup activities. New
business applications can be safely deployed without opening up security holes. Mobile employees
and business partners can securely connect to your network over the Internet using IP Security
(IPsec) or Secure Sockets Layer (SSL) VPN services. With a Cisco ASA 5500 Series solution
protecting your network, you can focus on growing your business, without worrying about the latest
security threats.
Challenge
The Internet has become a critical business tool for organizations of all sizes. It enables new
opportunities for growth of the business. It provides connectivity with partners and remote workers
via VPN connections. But it is also a conduit for threats to enter a company’s network. And these
threats can have a significant impact on the business:
●
Unauthorized access: Can lead to loss of company data, unplanned downtime, and
related liability concerns
●
Peer-to-peer file sharing and instant messaging: Distracts employees and reduces
productivity
●
Viruses: Can infect systems, bringing them down and resulting in outages and lost revenue
●
Spam and phishing: Creates a nuisance and contributes to loss of employee productivity
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 5
Solution Overview
●
Browsing of non-work-related Websites: Leads to loss of employee productivity and
possible company liability issues
●
Infected VPN traffic: Creates a vector for threats to enter the network and disrupt
the business
Solution
The Cisco ASA 5500 Series Business Edition provides small and medium-sized companies
with comprehensive gateway security and VPN connectivity. With its combined firewall and
content security capabilities, the Cisco ASA 5500 Series stops threats at the gateway before they
enter the network and affect business operations. These same services are extended to remoteaccess users providing a threat-protected VPN connection. The Cisco ASA 5500 Series Business
Edition offers:
●
Most trusted and deployed firewall technology: Building on the Cisco PIX® Family of
security appliances, the Cisco ASA 5500 Series allows valid business traffic to flow, while
keeping out unwelcome visitors. And with its application control capabilities, the solution
can limit peer-to-peer file sharing, instant messaging, and malicious traffic, while enabling
secure deployment of new business applications for improved profitability and
competitiveness. This prevents security leaks and the introduction of threats to the network.
●
Market-leading content security capabilities: With robust content security capabilities
delivered via the optional Content Security and Control Security Services Module (CSCSSM), the Cisco ASA 5510 Adaptive Security Appliance provides critical perimeter security
services needed for comprehensive protection.
◦ Antivirus: Award-winning antivirus technology shields your internal network resources
from both known and unknown virus attacks, at the most effective point in your
infrastructure, the Internet gateway. Cleaning your e-mail and Web traffic at the perimeter
eliminates the need for resource-intensive malware infection cleanup and helps ensure
business continuity.
◦ Anti-spyware: Blocking spyware at the gateway prevents spyware from entering your
network through Internet traffic (HTTP and FTP) and e-mail traffic, frees up IT support
resources from costly spyware removal procedures, and improves employee productivity.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 5
Solution Overview
◦ Anti-spam: Effective blocking of spam with very low false positives helps to restore
the effectiveness of e-mail, so communication with customers, vendors, and partners
continues uninterrupted.
◦ Anti-phishing: Identity theft protection guards against phishing attacks, thereby
preventing employees from inadvertently disclosing company or personal details
that could lead to financial loss.
◦ Real-time protection for Web access, e-mail, and file transfer: Many employees
access their own private Webmail from their company PCs or laptops, introducing
another entry point for Internet-borne threats even if an organization’s e-mail is already
protected. Similarly, employees may directly download programs or files that may be
contaminated. Real-time protection of all Web traffic at the Internet gateway greatly
reduces this often-overlooked point of vulnerability.
◦ URL filtering: Web and URL filtering can be used to control employee Internet usage
by blocking access to inappropriate or non-work-related Websites, improving employee
productivity and limiting the risk of legal action being taken by employees exposed to
offensive Web content.
◦ E-mail content filtering: E-mail filtering minimizes the legal liability companies can
face, due to exposure to offensive material transferred by e-mail. Filtering also enforces
regulatory compliance, helping organizations meet the requirements of legislation such as
the Gramm-Leach Bliley Act and the Data Protection Act.
●
Investment protection: The Cisco ASA 5500 Series include an expansion slot to support
add-on capabilities. The Cisco ASA 5510 supports the CSC-SSM, which provides content
security features. In the Cisco ASA 5505, the expansion slot supports future add-on options.
This capability enables small businesses to deploy firewall and VPN capabilities today,
and add features in the future as their business grows and the security needs change.
●
Threat-protected VPN: The Cisco ASA 5500 Series provides market-leading, threatprotected remote access. The solution provides both site-to-site and remote-user access
to internal network systems and services. This solution combines SSL and IPsec VPN
capabilities for maximum flexibility. And since the solution combines firewall and optional
content security services with VPN services, the VPN traffic cannot introduce malware
or other threats to the business.
●
Easy deployment and management: The Cisco ASA 5500 Series Business Edition
includes the Cisco Adaptive Security Device Manager (ASDM), which provides a powerful
yet easy-to-use browser-based management and monitoring interface. This single solution
provides comprehensive configuration and monitoring of all the services in a single
application. And to help with quick deployment, wizards guide the administrators
through initial and ongoing configuration of their Cisco ASA 5500 Series appliances.
Business Benefits
The Cisco ASA 5500 Series Business Edition provides the security and connectivity that helps you:
●
Support evolving business needs: Safely deploy new applications by providing advanced
application-layer security services for a wide range of popular applications, including Webbased applications, e-mail, voice over IP (VoIP), video, and multimedia applications.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 5
Solution Overview
●
Control access to business resources: Prevent unauthorized access to applications
or information assets by providing identity-based access control services that can tie into
services like Microsoft Active Directory, Lightweight Directory Access Protocol (LDAP), or
RSA SecurID.
●
Increase employee productivity: Prevent the loss of employee productivity by preventing
spam, spyware, and inappropriate Web browsing.
●
Improve business resiliency: Prevent disruption of business-critical applications
and services due to security breaches by implementing the industry’s most-deployed
enterprise-grade firewall and content security security technology.
●
Reduce cleanup costs: Free up IT support resources and reduce the costly process of
cleaning up spyware, viruses, and other malware by preventing the infection from occurring.
●
Enable safe remote access: Allow employees and partners to remotely access the
network without the introduction of business-crippling threats by using the solution’s unique,
threat-protected VPN capabilities.
●
Achieve operational efficiency: Reduce costs associated with deployment and ongoing
management and monitoring of the security solution by using a single, easy-to-install,
easy-to-use solution.
●
Decrease liability: Reduce the company’s exposure to liability related to compromised data
or inadequate corporate controls by implementing comprehensive access control and threat
protection services in a single device.
These benefits make the Cisco ASA 5500 Series Business Edition the right choice to address
your security needs and enable your network and employees to deliver maximum value to
your business.
Recommended Business Edition Solutions
Table 1 provides part numbers and descriptions for Cisco ASA 5500 Series Business Edition
bundles and products. To place an order, visit the Cisco Ordering Home Page.
Table 1.
Recommended Cisco ASA 5500 Series Business Edition Solutions
Cisco ASA 5505 Solution Description
Firewall/VPN
Performance
Part Number
Cisco ASA 5505 10-user bundle
150 Mbps/100 Mbps
ASA5505-BUN-K9
150 Mbps/100 Mbps
ASA5505-50-BUN-K9
150 Mbps/100 Mbps
ASA5505-UL-BUN-K9
150 Mbps/100 Mbps
ASA5505-SEC-BUN-K9
Includes 10-user license, 8-port Fast Ethernet switch, stateful
firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES
license, and 1 expansion slot
Cisco ASA 5505 50-user bundle
Includes 50-user license, 8-port Fast Ethernet switch, stateful
firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES
license, and 1 expansion slot
Cisco ASA 5505 unlimited user bundle
Includes unlimited user license, 8-port Fast Ethernet switch,
stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers,
3DES/AES license, and 1 expansion slot
Cisco ASA 5505 Security Plus bundle
Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet
switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers,
stateless Active/Standby high availability, dual ISP support,
DMZ support, 3DES/AES license, and 1 expansion slot
Cisco ASA 5510 Solution Description
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 5
Solution Overview
Cisco ASA 5505 Solution Description
Firewall/VPN
Performance
Part Number
Cisco ASA 5510 Content Security bundle
300 Mbps/170 Mbps
ASA5510-CSC10-K9
300 Mbps/170 Mbps
ASA5510-BUN-K9
300 Mbps/170 Mbps
ASA5510-SEC-BUN-K9
Cisco ASA 5510 Appliance with CSC-SSM provides firewall,
VPN, and content security services to stop viruses, spyware,
and provide file blocking. Includes 1 yr subscription for the
content security features. Additional content security services
(anti-spam, anti-phishing, and URL blocking and filtering)
available with the ASA-CSC10-PLUS license.
Cisco ASA 5510 bundle
Includes 3 Fast Ethernet interfaces, stateful firewall, 250 IPsec
VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1
expansion slot
Cisco ASA 5510 Security Plus bundle
Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec
VPN peers, 2 SSL VPN peers, Active/Standby high availability,
3DES/AES license, and 1 expansion slot
Additional Recommended Options
Cisco ASA 5505 Security Plus license (provides stateless Active/Standby high availability,
dual ISP support, DMZ support, VLAN trunking support, and increased session and IPSec
VPN peer capacities)
ASA5505-SEC-PL
Cisco ASA 5500 CSC10-Plus license (1-year subscription license, which adds anti-spam,
anti-phishing, and URL blocking and filtering to the CSC-SSM content security solution in
the Cisco ASA 5510)
ASA-CSC10-PLUS
Cisco ASA 5510 Security Plus license (provides Active/Active and Active/Standby high
availability, increased session and VLAN capacities, and additional Ethernet interfaces)
ASA5510-SEC-PL
Cisco ASA 5500 Series 10-user SSL VPN license
ASA5500-SSL-10
Cisco ASA 5500 Series 25-user SSL VPN license
ASA5500-SSL-25
Cisco ASA 5500 Series 50-user SSL VPN license
ASA5500-SSL-50
Note:
For countries with import regulations on shipping strong encryption (Triple Data Encryption
Standard/Advanced Encryption Standard [3DES/AES]), Cisco provides DES-only encryption via the
following two “K8” part numbers: ASA5505-K8 and ASA5510-K8.
For More Information
For more information on how your company can benefit from the Cisco ASA 5500 Series
Business Edition, visit http://www.cisco.com/go/asa.
Printed in USA
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
C22-351843-01 6/07
Page 5 of 5