Delivering Safe, Secure, and Flexible Remote Access to Any Location
Today's remote-access VPN deployments require the ability to safely and easily extend corporate network access beyond managed desktops to different users devices, while protecting these endpoints and key corporate resources from ever-evolving threats.
Secure Remote Access, powered by the Cisco ASA 5500 Series SSL/IPsec VPN Edition enables organizations to securely and seamlessly provide resources access to a broad array of users, contractors, and business partners on the largest variety of mobile and fixed endpoints.
Supporting a wide range of deployment and application environments, the ASA 5500 Series delivers maximum value to your organization with the most comprehensive set of Secure Socket Layer (SSL) and IP security (IPsec) VPN features, performance, and scalability in the industry. The solution, comprised of a single unified platform: the ASA 5500 series and the AnyConnect Secure Mobility Client, enables organizations to use a powerful combination of seamless controlled access and market-proven, best-of-breed firewall, intrusion prevention inspection and web threat prevention that enables mobile workers to be productive while protecting corporate interests. With inclusive support for unrestricted full-network access, as well as controlled access to select web-based applications and network resources, the platform provides the flexibility required by any VPN deployment (Figure 1).
Industry-Leading Secure Mobility Technology for Your Organization
The ASA 5500 series VPN Edition offers the growing list of AnyConnect industry-leading Secure Mobility features and the simplicity and ubiquity of clientless secure access. The ASA - AnyConnect Secure Mobility solution is easy to deploy and simple to use. Its client and clientless options respond securely and dynamically to today's wide array of fixed and mobile endpoint requirements by offering granular access controls and robust endpoint security. As a result, it maintains the integrity of confidential information to solve the unique challenges associated with diverse user groups and endpoints accessing the enterprise network. The AnyConnect Secure Mobility solution also offers integrated web security protection via the AnyConnect client. By seamlessly redirecting select traffic to either an on-premise appliance, or to a cloud-based service for off-VPN web traffic protection, the AnyConnect client provides consistent policy and security without having to backhaul public Internet-bound traffic.
Figure 1. Customizable SSL VPN and IPsec Services for Any Deployment Scenario
Cisco ASA 5500 Series-Secure Remote Access: Profile and Benefits
|
Deployment flexibility: Extends the appropriate remote-access VPN technology, either clientless or full network (SSL/TLS, DTLS, IPsec IKEv1 or IKEv2) access, on a per-session basis, depending on the user group or endpoint accessing the network, its security posture, and administration's policies.
|
Comprehensive network access: Broad application and network resource access is provided through Cisco's AnyConnect Secure Mobility client, an automatically downloadable network-tunneling client that enables access to virtually any corporate application or resource.
|
Ubiquitous clientless access: Delivers secure remote access to authenticated users on both managed and unmanaged endpoints, enabling increased productivity by providing "anytime access" to the network.
|
Granular control: Empowers network and IT management to provide and monitor controlled access to corporate resources and applications.
|
Seamless connectivity: The Cisco AnyConnect Secure Mobility client automatically connects or disconnects a user session based on the user's location and network availability, providing a transparent secure connectivity experience to the roaming worker, who in turns gains in productivity and flexibility.
|
Optimized performance: The Cisco AnyConnect Secure Mobility client provides an optimized VPN connection for latency-sensitive traffic, such as voice over IP (VoIP) traffic or TCP-based application access. AnyConnect can automatically determine and establish connectivity to the most optimal network access point.
|
Consistent security: Enables high scale secure mobility protection by extending location-aware security policies to every transaction when using AnyConnect Secure Mobility with integrated web security. The user's location and the nature of the corporate resources accessed (for instance, an enterprise/"in-house" application versus a SaaS application) define the level of Acceptable Use Policies, malware protection and Data Security policies. AnyConnect is optimized for use with the Cisco IronPort Web Security Appliance and the Cisco ScanSafe cloud-based Web Security service. Both deployment options provide Cisco's industry leading usage policy enforcement and protection of enterprise resources from both known and zero-day malware.
|
Unparalleled management flexibility: Simplifies the complexity of managing diverse remote-access connectivity requirements common in today's enterprise.
|
Low total cost of ownership: Reduces expensive help-desk calls associated with network connectivity issues and eliminates the administration costs of managing client software on every endpoint.
|
Combined Technologies for Enhanced Capabilities: SSL and IPsec VPN in One Platform
In addition to the SSL VPN features, users can also take advantage of Cisco's award-winning IPsec VPN technology. By offering converged, state of the art SSL and IPsec (IKEv1 and IKEv2) VPN technologies on a single platform, the ASA 5500 Series delivers a highly customizable, simple, flexible one-box solution for diverse VPN deployment environments, eliminating the cost of deploying parallel remote-access solutions.
Cisco ASA 5500 Product Family
The Cisco ASA 5500 Series delivers site-specific scalability from the smallest business and small office/home office (SOHO) deployments to the largest enterprise networks with its 11 models, shown in Figure 2. Each model is built with concurrent services scalability, investment protection, and future technology extensibility as its foundation. Table1 lists the specifications of the Cisco ASA 5500 Series models.
Figure 2. Cisco ASA 5500 Series Products
Table 1. Specifications of Cisco ASA 5500 Series Adaptive Security Appliance Models
Platform
|
Cisco ASA 5505
|
Cisco ASA 5510
|
Maximum VPN throughput1
|
100 Mbps
|
170 Mbps
|
Maximum concurrent AnyConnect or clientless VPN sessions1
|
25
|
250
|
Maximum concurrent site-to-site and IPsec IKEv1 VPN sessions1
|
25
|
250
|
Interfaces
|
8-port 10/100 switch with 2 Power over Ethernet ports
|
5,10/100/ 2, 10/100/ 1000, 3,10/100
+4 10/100/ 1000, 4 SFP (with 4GE SSM)
|
Profile
|
Desktop
|
1-RU
|
Stateful failover
|
No
|
Licensed feature2
|
VPN load balancing
|
No
|
Licensed feature2
|
Shared VPN License Option
|
No
|
Yes
|
1Devices include a license for two Premium VPN users for evaluation and remote management purposes. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. The SSL/IPsec IKEv2 VPN session number (clientless or AnyConnect client) may also not exceed the number of licensed sessions on the device. The ASA 5580 supports greater simultaneous users than the ASA 5550 at comparable overall SSL VPN throughput to the ASA 5550. VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning.
2Upgrade is available with Cisco ASA 5510 Security Plus license.
|
Ordering Information
Tables 2 through 6 provide a subset of ordering information for Cisco AnyConnect Premium SSL VPN Edition bundles and licenses, as well as for Cisco AnyConnect Essentials licenses. For additional licensing details, please see the Cisco Secure Remote Access: VPN Licensing Overview. Premium licenses may be purchased for either single devices or for a shared environment.
- All Cisco ASA 5500 Series appliances include the maximum number of IPsec (IKEv1) concurrent users in the base configuration of the chassis.
- The use of the AnyConnect client can be enabled through the purchase of an Essential VPN license, which enables the basic AnyConnect features, including IPsec IKEv2 and SSL VPN access.
- Every Cisco ASA 5500 Series model can support clientless VPN, the advanced AnyConnect features, and the Cisco Secure Desktop (CSD) features through the purchase of a Premium VPN license. Premium VPN on the Cisco ASA 5500 Series may be purchased under a single part number as an edition bundle, or the chassis and SSL VPN feature license may be purchased separately, as indicated in Table 3. Premium licenses can be applied to an individual ASA (single-device license), or to an ASA acting as a shared license server.
To place an order, visit the Cisco Ordering homepage.
Table 2. Ordering Information for Premium Bundles (Single-Device)
VPN User Requirements
|
Premium IPsec / SSL VPN Bundles
|
Edition Bundle Part Number
|
10 Premium VPN users
|
Cisco ASA 5505 SSL/IPsec VPN Edition for 10 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5505-SSL10-K9
|
25 Premium VPN users
|
Cisco ASA 5505 SSL/IPsec VPN Edition for 25 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5505-SSL25-K9
|
50 Premium VPN users
|
Cisco ASA 5510 SSL/IPsec VPN Edition for 50 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5510-SSL50-K9
|
100 Premium VPN users
|
Cisco ASA 5510 SSL/IPsec VPN Edition for 100 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5510-SSL100-K9
|
250 Premium VPN users
|
Cisco ASA 5510 SSL/IPsec VPN Edition for 250 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5510-SSL250-K9
|
500 Premium VPN users
|
Cisco ASA 5520 SSL/IPsec VPN Edition for 500 concurrent SSL/DTLS/IPsec IKEv2V PN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5520-SSL500-K9
|
1000 Premium VPN users
|
Cisco ASA 5540 SSL/IPsec VPN Edition for 1000 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5540-SSL1000-K9
|
2500 Premium VPN users
|
Cisco ASA 5540 SSL/IPsec VPN Edition for 2500 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5540-SSL2500-K9
|
2500 Premium VPN users
|
Cisco ASA 5550 SSL/IPsec VPN Edition for 2500 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5550-SSL2500-K9
|
5000 Premium VPN users
|
Cisco ASA 5550 SSL/IPsec VPN Edition for 5000 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5550-SSL5000-K9
|
5000 Premium VPN users
|
Cisco ASA 5585-S10 SSL/IPsec VPN Edition for 5000 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5585-S10-5K-K9
|
10,000 Premium VPN users
|
Cisco ASA 5580-20 SSL/IPsec VPN Edition for 10,000 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition
|
ASA5580-20-10K-K9
|
10,000 Premium VPN users
|
Cisco ASA 5585-S20/40/60 SSL/IPsec VPN Edition for 10,000 concurrent SSL/DTLS/IPsec IKEv2 VPN users (AnyConnect Premium - SSL VPN Edition)
|
ASA5585S20-10K-K9
ASA5585S40-10K-K9
ASA5585S60-10K-K9
|
Table 3. Ordering Information for Individual (Single-Device) AnyConnect Premium Licenses
Cisco ASA Chassis and applicable AnyConnect Premium - IPsec / SSL VPN Edition Licenses
|
VPN User Require-ments
|
Part Number
|
Cisco ASA 5505
|
Cisco ASA 5510
|
Cisco ASA 5520
|
Cisco ASA 5540
|
Cisco ASA 5550
|
Cisco ASA 5585-S10
|
Cisco ASA 5580-20
|
Cisco ASA 5580-40
|
Cisco ASA 5585-S20/40/60
|
10 Premium VPN users
|
ASA5500-SSL-10
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
25 Premium VPN users
|
ASA5500-SSL-25
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
50 Premium VPN users
|
ASA5500-SSL-50
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
100 Premium VPN users
|
ASA5500-SSL-100
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
250 Premium VPN users
|
ASA5500-SSL-250
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
500 Premium VPN users
|
ASA5500-SSL-500
|
-
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
750 Premium VPN users
|
ASA5500-SSL-750
|
-
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
1000 Premium VPN users
|
ASA5500-SSL-1000
|
-
|
-
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
2500 Premium VPN users
|
ASA5500-SSL-2500
|
-
|
-
|
-
|
X
|
X
|
X
|
X
|
X
|
X
|
5000 Premium VPN users
|
ASA5500-SSL-5000
|
-
|
-
|
-
|
-
|
X
|
X
|
X
|
X
|
X
|
10,000 Premium VPN users
|
ASA5500-SSL-10K
|
-
|
-
|
-
|
-
|
-
|
-
|
X
|
X
|
X
|
Table 4. Ordering information for AnyConnect Premium - SSL VPN Edition Shared Licenses (Shared License Server)
VPN User Requirements
|
AnyConnect Premium - IPsec / SSL VPN Edition Shared Licenses
|
Part Number
|
500 Premium Shared VPN users
|
Premium Shared VPN Server License - 500 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-500=
|
1000 Premium Shared VPN users
|
Premium Shared VPN Server License - 1000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-1,000=
|
2500 Premium Shared VPN users
|
Premium Shared VPN Server License - 2500 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-2,500=
|
5000 Premium Shared VPN users
|
Premium Shared VPN Server License - 5000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-5,000=
|
7500 Premium Shared VPN users
|
Premium Shared VPN Server License - 7500 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-7,500=
|
10,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 10,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-10K=
|
20,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 20,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-20K=
|
30,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 30,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-30K=
|
40,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 40,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-40K=
|
50,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 50,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-50K=
|
100,000 Premium Shared VPN users
|
Premium Shared VPN Server License - 100,000 shared seats (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNS-100K=
|
Note: Premium Shared VPN Server Licenses are stackable. As such, there is no license limit to the maximum number of shared seats that can be activated on the Shared License Server.
Table 5. Ordering Information for AnyConnect Premium - SSL/IPsec VPN Edition Shared Licenses (Participant)
VPN User Requirements
|
Premium VPN Bundles
|
Edition Bundle Part Number
|
ASA 5510 (up to 250 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5510 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5510=
|
ASA 5520 (up to 750 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5520 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5520=
|
ASA 5540 (up to 2500 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5540 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5540=
|
ASA 5550 (up to 5000 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5550 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5550=
|
ASA 5580 (up to 10,000 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5580 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5580=
|
ASA 5585-S10 (up to 5000 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5585-S10 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5585=
|
ASA 5580-S20/S40/S60 (up to 10,000 simultaneous sessions)
|
Premium Shared VPN Participant License - ASA 5585-S20/40/60 (AnyConnect Premium - SSL/IPsec VPN Edition)
|
ASA-VPNP-5585=
|
Table 6. Ordering Information for AnyConnect Essentials Spares (Requires Cisco ASA Software Release 8.2 and Later)
AnyConnect Essentials Platform/Users
|
AnyConnect Essentials VPN Spares Licenses
|
Part Numbers
|
ASA 5505 (up to 25 simultaneous sessions)
|
AnyConnect Essentials VPN license - 25 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5505=
|
ASA 5510 (up to 250 simultaneous sessions)
|
AnyConnect Essentials VPN license - 250 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5510=
|
ASA 5520 (up to 750 simultaneous sessions)
|
AnyConnect Essentials VPN license - 750 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5520=
|
ASA 5540 (up to 2500 simultaneous sessions)
|
AnyConnect Essentials VPN license - 2500 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5540=
|
ASA 5550 (up to 5000 simultaneous sessions)
|
AnyConnect Essentials VPN license - 5000 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5550=
|
ASA 5580 (up to 10,000 simultaneous sessions)
|
AnyConnect Essentials VPN license - 10,000 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5580=
|
ASA 5585-S10 (up to 5000 simultaneous sessions)
|
AnyConnect Essentials VPN license - 5000 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5585=
|
ASA 5585-S20/S40/S60 (10,000 simultaneous sessions)
|
AnyConnect Essentials VPN license - 10,000 concurrent AnyConnect VPN Essentials users
|
ASA-AC-E-5585=
|