The Cisco ASA 5510 model is designed to deliver advanced security services for small and medium-sized businesses and enterprise branch offices. This model provides advanced firewall and VPN capabilities and has optional Anti-X (Adaptive Threat Defense) and IPS services that use the Cisco AIP-SSM-10 module.
Figure 3-1 shows a front view of the Cisco ASA 5510 model.
Figure 3-1. Cisco ASA 5510 Front View
The front panel has the following five LEDs:
The three ASA models, 5510, 5520, and 5540, offer a one-rack unit (1RU) design. They also have an expansion slot for security-services modules. Figure 3-2 shows a back view of the Cisco ASA 5510 model.
Figure 3-2. Cisco ASA 5510 Back View
The Power, Status, Active, VPN, and Flash LEDs are also present on the back of the Cisco ASA 5510. The Cisco ASA 5510 includes five integrated 10/100 Fast Ethernet network interfaces. Three of these five Fast Ethernet ports are enabled by default (0 to 2). The fifth interface is reserved for out-of-band (OOB) management. The Security Plus license allows you to enable the fourth Fast Ethernet port, and it also removes the restriction on the OOB port. Therefore, you can use all five Fast Ethernet interfaces for through traffic and apply security services.
Note
The OOB Ethernet port restriction is removed with the Security Plus license; however, it is highly recommended that you use this port solely for OOB management.
Each Fast Ethernet port has an activity LED and a link LED:
The Cisco ASA 5510 Security Plus license enables Cisco ASA 5510 to provide VLAN support on switched networks (up to 10 VLANs). The Security Plus upgrade license also provides a greater number of concurrent virtual private network (VPN) connections for remote users and site-to-site connections.
Note
Similar to the Cisco PIX firewalls, Cisco ASA requires a unique license key to enable certain features. This license key is a 40-digit hexadecimal number represented in 5 tuples (set of fixed-length data types). The security appliance allows an administrator to enter the license key by using the activation-key command.
The output of the show version command includes information about the license installed on the Cisco ASA. The following is an example of the output:
```
Cisco Adaptive Security Appliance Software Version 7.0(1)
Device Manager Version 5.0(1)

Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "disk0:/ASA701.bin"
Config file at boot was "startup-config"

ASA-5510-A up 4 days 5 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash AT49LW080: @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.03
 0: Ext: Ethernet0/0         : media index  0: irq  9
 1: Ext: Ethernet0/1         : media index  1: irq  9
 2: Ext: Ethernet0/2         : media index  2: irq  9
 3: Ext: Not licensed        : media index  3: irq  9
 4: Ext: Management0/0       : media index  4: irq 11
 5: Int: Not licensed        : media index  0: irq 11
 6: Int: Not licensed        : media index  5: irq  5

Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs               : 0
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : 50

This platform has a Base license.

Serial Number: JMX0921L03L
Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8 0xc222eabf
Configuration register is 0x1
Configuration last modified by enable_15 at 07:22:28.233 UTC Wed Jun 15 2005
```
The highlighted lines show the license and the features it enables on this Cisco ASA.
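When auditing several appliances, the license section of show version can be parsed rather than read by eye. The following Python sketch is an added example, not from the book or from Cisco: the function names and the choice of audit checks are assumptions, and the sample text is an excerpt of the output shown above.

```python
import re

# Excerpt of the `show version` output shown above, embedded so this runs offline.
SAMPLE = """\
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs               : 0
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
VPN Peers                   : 50
This platform has a Base license.
Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8 0xc222eabf
"""

def parse_license(text):
    """Return (features dict, license name, activation-key tuples)."""
    features, license_name, key, in_features = {}, None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Licensed features for this platform"):
            in_features = True
        elif m := re.match(r"This platform has an? (.+?) license", line):
            license_name, in_features = m.group(1), False
        elif line.startswith("Running Activation Key:"):
            key = line.split(":", 1)[1].split()
        elif in_features and ":" in line:
            name, value = (p.strip() for p in line.split(":", 1))
            features[name] = value
    return features, license_name, key

def key_is_well_formed(key):
    """40 hex digits in total: five tuples of eight hex digits each."""
    return len(key) == 5 and all(re.fullmatch(r"0x[0-9a-fA-F]{8}", t) for t in key)

def audit(features):
    """Flag license gaps worth knowing when reviewing the appliance (assumed checks)."""
    findings = []
    if features.get("VPN-3DES-AES") != "Enabled":
        findings.append("3DES/AES VPN encryption not licensed")
    if features.get("Failover") != "Enabled":
        findings.append("failover not licensed")
    if features.get("Maximum VLANs") == "0":
        findings.append("no VLANs licensed")
    return findings

if __name__ == "__main__":
    feats, name, key = parse_license(SAMPLE)
    print(name, key_is_well_formed(key), audit(feats))
```

For the Base license output above, the audit reports that failover and VLANs are not licensed, which matches the "Without Security Plus License" limits described in this section.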
The RJ-45 console port allows you to physically connect to the appliance to access its command-line interface (CLI) for initial configuration. The AUX (auxiliary) port allows you to connect an external modem for OOB management. The Flash card slot allows you to use an external Flash card to save system images and configuration files.
Two USB ports in the back of all Cisco ASA models are designed for future features. The Reset button is a multifunction switch. It provides the following functionality:
Table 3-1 lists the capabilities of the Cisco ASA 5510 appliance, as well as performance and connection limit numbers.
Description | Without Security Plus License | With Security Plus License |
---|---|---|
Firewall throughput | Up to 300 Mbps | Up to 300 Mbps |
3DES/AES IPSec VPN throughput | Up to 170 Mbps | Up to 170 Mbps |
Connections | 32,000 | 64,000 |
IPSec VPN peers | 50 | 150 |
WebVPN peers | 50 | 150 |
Interfaces | Three Fast Ethernet ports for security services and one OOB management port | Five Fast Ethernet ports for security services (including the OOB management port) |
Virtual interfaces (VLANs) | 0 | 10 |
High availability | | Active/Standby |

Note
Performance numbers vary depending on the packet size and other applications running on the appliance.
Note
For more information about licensing, go to http://www.cisco.com/go/asa.
Note
The Cisco ASA 5510 model does not support virtualization (security contexts).
For a complete list of all product part numbers, see the Cisco ASA 5500 Series platform data sheet at http://www.cisco.com/go/asa.