Cisco ASA 5510 Model

The Cisco ASA 5510 model is designed to deliver advanced security services for small and medium-sized businesses and enterprise branch offices. This model provides advanced firewall and VPN capabilities and has optional Anti-X (Adaptive Threat Defense) and IPS services that use the Cisco AIP-SSM-10 module.

Figure 3-1 shows a front view of the Cisco ASA 5510 model.

Figure 3-1. Cisco ASA 5510 Front View

The front panel has the following five LEDs:

  1. Power: Solid green indicates that the appliance is powered on.
  2. Status: Flashing green indicates that the system is booting and power-up tests are running. Solid green indicates that the system tests passed and the system is operational. Solid amber indicates that the system tests failed.
  3. Active: Flashing green indicates network activity.
  4. VPN: Solid green indicates that one or more VPN tunnels are active.
  5. Flash: Solid green indicates that the Flash memory card is being accessed.

The three ASA models, 5510, 5520, and 5540, offer a one-rack unit (1RU) design. They also have an expansion slot for security-services modules. Figure 3-2 shows a back view of the Cisco ASA 5510 model.

Figure 3-2. Cisco ASA 5510 Back View

The Power, Status, Active, VPN, and Flash LEDs are also present on the back of the Cisco ASA 5510. The Cisco ASA 5510 includes five integrated 10/100 Fast Ethernet network interfaces. Three of these five Fast Ethernet ports are enabled by default (0 to 2). The fifth interface is reserved for out-of-band (OOB) management. The Security Plus license allows you to enable the fourth Fast Ethernet port, and the restriction on the OOB port is also removed. Therefore, you can use all five Fast Ethernet interfaces for through traffic and apply security services to them.

Note

The OOB Ethernet port restriction is removed with the Security Plus license; however, it is highly recommended that you solely use this port for OOB management.

Each Fast Ethernet port has an activity LED and a link LED:

  • The activity LED shows that data is passing on the network to which the port is attached.
  • The link LED shows that the correct cable is in use and the port is operational.

The Cisco ASA 5510 Security Plus license enables Cisco ASA 5510 to provide VLAN support on switched networks (up to 10 VLANs). The Security Plus upgrade license also provides a greater number of concurrent virtual private network (VPN) connections for remote users and site-to-site connections.

Note

Similar to the Cisco PIX firewalls, Cisco ASA requires a unique license key to enable certain features. This license key is a 40-digit hexadecimal number represented in 5 tuples (set of fixed-length data types). The security appliance allows an administrator to enter the license key by using the activation-key command.

The output of the show version command includes information about the license installed on the Cisco ASA. The following is an example of the output:

 Cisco Adaptive Security Appliance Software Version 7.0(1)
 Device Manager Version 5.0(1)
 Compiled on Thu 31-Mar-05 14:37 by builders
 System image file is "disk0:/ASA701.bin"
 Config file at boot was "startup-config"
 ASA-5510-A up 4 days 5 hours
 Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
 Internal ATA Compact Flash, 64MB
 BIOS Flash AT49LW080: @ 0xffe00000, 1024KB
 Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
 Boot microcode : CNlite-MC-Boot-Cisco-1.2
 SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.03
 0: Ext: Ethernet0/0 : media index 0: irq 9
 1: Ext: Ethernet0/1 : media index 1: irq 9
 2: Ext: Ethernet0/2 : media index 2: irq 9
 3: Ext: Not licensed : media index 3: irq 9
 4: Ext: Management0/0 : media index 4: irq 11
 5: Int: Not licensed : media index 0: irq 11
 6: Int: Not licensed : media index 5: irq 5
 Licensed features for this platform:
 Maximum Physical Interfaces : 4
 Maximum VLANs : 0
 Inside Hosts : Unlimited
 Failover : Disabled
 VPN-DES : Enabled
 VPN-3DES-AES : Enabled
 Security Contexts : 0
 GTP/GPRS : Disabled
 VPN Peers : 50
 This platform has a Base license.
 Serial Number: JMX0921L03L
 Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8 0xc222eabf
 Configuration register is 0x1
 Configuration last modified by enable_15 at 07:22:28.233 UTC Wed Jun 15 2005

The highlighted lines show the license (features) enabled on the Cisco ASA version.
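
The following Python sketch is an added example, not code from the book or from Cisco. It parses the license portion of captured show version output for an inventory or configuration audit: it collects the licensed features, the license tier, and the activation key, and checks that the key has the five-word, 40-hex-digit shape described in the note above. The function names parse_license and key_is_well_formed are illustrative, and the parser assumes the output layout shown on this page.

```python
import re

# Excerpt of the Base-license show version output from this page; the
# activation key is wrapped onto a second line, as in a narrow terminal capture.
SAMPLE = """\
3: Ext: Not licensed : media index 3: irq 9
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs : 0
Failover : Disabled
VPN-3DES-AES : Enabled
Security Contexts : 0
VPN Peers : 50
This platform has a Base license.
Running Activation Key: 0x0610c842 0x1c8a31b4 0xb8c32858 0x8e987cc8
0xc222eabf
Configuration register is 0x1
"""

def parse_license(text):
    """Return licensed features, license tier and activation key words."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    info = {"features": {}, "tier": None, "key": [], "unlicensed_ports": 0}
    in_features = in_key = False
    for ln in lines:
        if in_key and re.fullmatch(r"(0x[0-9a-fA-F]{8}\s*)+", ln):
            info["key"] += ln.split()          # continuation of a wrapped key
            continue
        in_key = False
        if ln.startswith("Licensed features"):
            in_features = True
        elif m := re.match(r"This platform has an? (.+) license", ln):
            info["tier"], in_features = m.group(1), False
        elif ln.startswith("Running Activation Key:"):
            info["key"], in_key = ln.split(":", 1)[1].split(), True
        elif "Not licensed" in ln:
            info["unlicensed_ports"] += 1      # interface slot blocked by license
        elif in_features and ":" in ln:
            name, value = (p.strip() for p in ln.split(":", 1))
            info["features"][name] = value
    return info

def key_is_well_formed(words):
    """Five 0x-prefixed 8-digit words, i.e. 40 hexadecimal digits in total."""
    return len(words) == 5 and all(re.fullmatch(r"0x[0-9a-fA-F]{8}", w) for w in words)
```

Comparing the returned features against the values expected for each appliance makes license drift visible, for example a unit that reports Failover as Disabled where a standby pair was planned.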

The RJ-45 console port allows you to physically connect to the appliance to access its command-line interface (CLI) for initial configuration. The AUX (auxiliary) port allows you to connect an external modem for OOB management. The Flash card slot allows you to use an external Flash card to save system images and configuration files.

Two USB ports in the back of all Cisco ASA models are designed for future features. The Reset button is a multifunction switch. It provides the following functionality:

  • If pressed longer than 1 second and less than 5 seconds, the system initiates a hardware reset. The saved configuration will be loaded at boot time.
  • If pressed longer than 5 seconds, the system clears the configuration and loads the default configuration.

Table 3-1 lists the capabilities of the Cisco ASA 5510 appliance, as well as performance and connection limit numbers.

Table 3-1. Cisco ASA 5510 Model Capabilities

| Description | Without Security Plus License | With Security Plus License |
| --- | --- | --- |
| Firewall throughput | Up to 300 Mbps | Up to 300 Mbps |
| 3DES/AES IPSec VPN throughput | Up to 170 Mbps | Up to 170 Mbps |
| Connections | 32,000 | 64,000 |
| IPSec VPN peers | 50 | 150 |
| WebVPN peers | 50 | 150 |
| Interfaces | Three Fast Ethernet ports for security services and one OOB management port | Five Fast Ethernet ports for security services (including the OOB management port) |
| Virtual interfaces (VLANs) | 0 | 10 |

High availability

Active/Standby

Note

Performance numbers vary depending on the packet size and other applications running on the appliance.

Note

For more information about licensing, go to http://www.cisco.com/go/asa.

Note

The Cisco ASA 5510 model does not support virtualization (security contexts).

For a complete list of all product part numbers, see the Cisco ASA 5500 Series platform data sheet at http://www.cisco.com/go/asa.





Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
ISBN: 1587052091
Year: 2006
Pages: 231
