
ASA55xx Series

Cisco’s series of Adaptive Security Appliances

Bryley Systems Inc.


Business Technology Solutions Since 1987
Agenda
• Default Capabilities
• Models
• Optional Capabilities
ASA Capabilities
• Stateful/Deep Packet Inspection Firewall
• IPSec VPN Endpoint
• SSL VPN Endpoint
• Virtualization
• Anti-X
• Intrusion Prevention
Firewall
• Default firewall rules
– Outbound traffic is allowed unless otherwise specified
– Inbound traffic is denied unless otherwise specified
• Stateful packet inspection ensures that responses to outbound traffic match outgoing requests
ASA Firewall
• ASA assigns a security level to each interface
– inside is 100, outside (Internet) is 0, DMZ is typically assigned 50
– Default rules allow free flow from a higher security level to a lower security level
• NAT/PAT
– Allows for more servers with fewer public IPs
• Deep packet inspection
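As an added illustration of the security-level model on these two slides (not part of the original deck, and not Bryley's or Cisco's own configuration), the fragment below defines the three interfaces with the levels shown, then opens only the single inbound flow that the default higher-to-lower policy would otherwise deny. Interface names, addresses and the DMZ host are assumed sample values, and the NAT syntax assumes ASA software 8.3 or later.

```cisco
! Interface security levels as on the slide: inside 100, outside 0, DMZ 50.
! Addresses are constructed samples (RFC 5737 / RFC 1918 ranges).
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! Default behaviour with no access lists applied:
!   inside (100) -> dmz (50)      allowed; replies matched by the state table
!   inside (100) -> outside (0)   allowed
!   outside (0)  -> dmz (50)      denied  <- must be permitted explicitly below
!   dmz (50)     -> inside (100)  denied
!
! Static NAT: publish one assumed DMZ web server on a single public address.
object network dmz-web
 host 192.168.50.10
 nat (dmz,outside) static 203.0.113.10
!
! Permit only TCP/443 from the Internet to that one host (on 8.3+ the ACL
! references the real, untranslated address); all other inbound stays denied.
access-list outside_in extended permit tcp any object dmz-web eq 443
access-group outside_in in interface outside
```

Traffic from the DMZ toward the inside remains blocked by the level model even after this change, which is the point of placing exposed servers at level 50.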
IPSec VPN
• Used for LAN-to-LAN connections
• Workstation clients for Windows, Macintosh, Linux
• Maximum connections depends on model
• No additional licenses required
• EasyVPN
– Simplified configuration
– Inbound connections only
SSL VPN
• No pre-installed client – connect with web browser
• Licensed by simultaneous connections (2 connections permitted for testing)
• Clientless connection
– Simplest configuration
– Limited to web applications
– Some client-server applications are SSL VPN aware
SSL VPN
• Cisco AnyConnect VPN client
• Downloaded on-the-fly
• Full network access (if desired)
• Windows/Macintosh/Linux
• May not function if user rights on the client computer are limited
IPSec vs SSL
IPSec
• Workstation configuration required
• Administrator can configure VPN then restrict user access
• Access as if client machine on LAN
• Has pre-shared key in addition to user password
• No additional cost
SSL
• Browser-based from any computer
• Limited access if user does not have right to install applications
• Need to use web applications to ensure access
• Vulnerable to password compromise
• Extra cost feature
ASA Models
• ASA550x - SOHO/Telecommuter
• ASA551x, ASA552x, ASA554x - Main Office, Integrated Protection
• ASA555x - Large enterprise
• ASA558x - Datacenter/ISP
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
ASA550x – Base License
• 10/50/Unlimited internal devices
• 10 Simultaneous VPNs
• 8 10/100 Ethernet ports – assigned to VLANs
• 2 Power over Ethernet
• 3 VLANs
• One VLAN must be isolated from communicating with one of the others.
ASA550x – Telecommuter setup
ASA550x – Security Plus
• 25 Simultaneous VPNs
• Ports must be assigned to one of three interfaces, up to 20 trunked VLANs permitted
• Communications between interfaces restricted by standard firewall rules
• Failover to backup ISP for outbound access
ASA551x – Base License
• 250 Simultaneous VPNs
• 3 – 10/100 Ethernet ports – Firewall interfaces
• 1 – 10/100 Ethernet port – Management only
• Up to 50 Trunked VLANs
• SSM Slot for Content Filter or Intrusion Prevention Module
ASA551x – Security Plus License
• 250 Simultaneous VPNs
• 3 – 10/100 Ethernet ports
• 2 – 10/100/1000 Ethernet ports
• Up to 100 Trunked VLANs
• SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
• 2 included/5 maximum Security Contexts
ASA552x
• 750 Simultaneous VPNs
• 1 – 10/100 Ethernet port
• 4 – 10/100/1000 Ethernet ports
• Up to 150 Trunked VLANs
• SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
• 2 included/20 maximum Security Contexts
ASA554x
• 5000 Simultaneous VPNs (2500 SSL)
• 1 – 10/100 Ethernet port
• 4 – 10/100/1000 Ethernet ports
• Up to 200 Trunked VLANs
• SSM Slot for Content Filter, Intrusion Prevention Module, or 4 x 10/100/1000 Ethernet Port module
• 2 included/50 maximum Security Contexts
ASA555x
• 5000 Simultaneous VPNs
• 1 – 10/100 Ethernet port
• 4 – 10/100/1000 Ethernet ports
• 4 ports selectable as 1000T or SFP fiber
• Up to 250 Trunked VLANs
• No SSM Slot
• 2 included/50 maximum Security Contexts
Content Security and Control Module
• Standard License
– Anti-virus
– Anti-Spyware
– File blocking
• Plus License adds
– Anti-SPAM
– URL Filter
– E-mail content control
Content Security and Control Module
• CSC-SSM-10
– 50/100/250/500 users
– ASA5510 and ASA5520
• CSC-SSM-20
– 750/1000 users
– ASA5510, ASA5520, ASA5540
• Subscription required for updates
Advanced Intrusion Prevention
• Compares every packet against a signature database
• Alerting or automatic blocking
• Update subscription required
