The Cisco ASA 5500 series of firewall appliances has been in the market for a long time when they replaced the older PIX hardware firewalls.
The new generation of-course listens to the name ASA 5500-X which is currently in the market.
However many professionals and companies still have older ASA 5500 series firewall appliances in their network and are looking to find some specs and throughput performance characteristics for them.
In this article I’m listing all specs and performance data (throughput, connections, VPN sessions etc) for all ASA 5500 series firewalls.
Cisco ASA 5505 Features and Performance Specs
In this section I’ll describe the software and hardware features of the Cisco ASA 5505 model. The ASA 5505 is the smallest model in the 5500 series and is suitable for small businesses or small branch offices and teleworkers.
As it is a smaller size compared with the other models, it is not rack-mountable. It is the only model also that comes with an 8-port switch (with 2 power over Ethernet ports).
The Cisco ASA 5505 ports are Layer 2 ports and not normal Layer 3 ports like the other models. To configure its Layer 2 ports you need to create VLANs and assign each port to a certain VLAN number. All interface parameters are configured under the “Interface VLAN [number]” command.
The Cisco ASA 5505 features depend on which software license is installed. There are two license options available:
- Base License and
- Security Plus License.
The Security Plus license enables the Cisco ASA 5505 Appliance to support higher connection capacity and a higher number of IPsec VPN users, add full DMZ support, and integrate into switched network environments through VLAN trunking support.
Moreover, the upgrade security plus license enables redundant ISP connections and stateless Active/Standby high-availability services.
In more detail, the Cisco ASA 5505 features and specs are the following:
- Maximum firewall connections: 10,000 (Base License), 25,000 (Security Plus License)
- Maximum firewall throughput (Mbps): 150 Mbps
- Max Packets per second (64 byte): 85,000
- Maximum firewall connections/second: 4,000
- Maximum 3DES/AES VPN throughput: 100 Mbps
- Maximum site-to-site and remote access VPN sessions: 10 (Base License), 25 (Security Plus)
- Maximum SSL VPN user sessions: 25
- Memory: 256 MB
- System Flash: 64MB
- Integrated ports: 8 port 10/100 switch with 2 power over Ethernet
- Maximum VLANs: 3 (Base License), 20 (Security Plus License)
- Expansion Modules: 1-SSC (Security Services Card)
- Intrusion Prevention: Yes (with AIP SSC)
- Content Security (anti-virus, anti-spyware, file blocking): Not Available
- Latest Software version: 8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: Not Available
- GTP/GPRS inspection: Not Available
- High availability support: Not Available (Base License), Stateless Active/Standby (Security Plus)
- SSL and IPsec VPN services: Supported
Cisco ASA 5510 Features and Specs
Continuing our series about the hardware and software features of ASA firewalls, this section focuses on the Cisco ASA 5510 model which is a very popular appliance for small to medium enterprises.
Unlike the ASA 5505, this is a rack-mountable model (1U size) which supports also an add-on module (SSM – Security Services Module).
Similarly with the 5505, the ASA 5510 comes also with two types of software licenses: Base License and Security Plus License, with the later offering advanced hardware and performance features.
In more detail, the Cisco ASA 5510 firewall features and throughput are the following:
- Maximum firewall connections: 50,000 (Base License), 130,000 (Security Plus License)
- Maximum firewall throughput (Mbps): 300 Mbps
- Max Packets per second (64 byte): 190,000
- Maximum firewall connections/second: 9,000
- Maximum 3DES/AES VPN throughput: 170 Mbps
- Maximum site-to-site and remote access VPN sessions: 250
- Maximum SSL VPN user sessions: 250
- Memory: 256 MB
- System Flash: 64MB
- Integrated ports: 5- 10/100 (Base License), 2-10/100/1000 + 3-10/100 (Security Plus)
- Maximum VLANs: 50 (Base License), 100 (Security Plus License)
- SSM Expansion Slots: 1 SSM module
- Intrusion Prevention: Supported (with AIP SSM)
- Content Security (anti-virus, anti-spyware, file blocking): Supported (with CSC SSM)
- Latest Software version: 8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: 0 (Base License), up to 5 (Security Plus License)
- GTP/GPRS inspection: Not Available
- High availability support: Not Available (Base License), Active/Standby and Active/Active (Security Plus)
- SSL and IPsec VPN services: Supported
Cisco ASA 5520 Features and Specs
Continuing our series about the hardware and software features of ASA firewalls, this section focuses on the Cisco ASA 5520 model.
This model is suitable as Internet Edge device for medium size enterprises but can be used also for internal LAN segmentation.
From this model and up there are no Base License or Security Plus License options, like the 5505 and 5510 models.
Also, the four integrated Network Interfaces by default support gigabit 10/100/1000 speed. There is an additional Management Interface which supports Fast Ethernet speed (10/100 Mbps).
This Interface can be used as normal firewall interface by issuing the “no management-only” interface configuration command. So there are essentially five network interfaces integrated on the appliance.
In more detail, the Cisco ASA 5520 firewall features are the following:
- Maximum firewall connections:280,000
- Maximum firewall throughput (Mbps): 450 Mbps
- Max Packets per second (64 byte): 320,000
- Maximum firewall connections/second: 12,000
- Maximum 3DES/AES VPN throughput: 225 Mbps
- Maximum site-to-site and remote access VPN sessions: 750
- Maximum SSL VPN user sessions: 750
- Memory: 512 MB
- System Flash: 64MB
- Integrated ports: 4-10/100/1000 + 1-10/100
- Maximum VLANs: 150
- SSM Expansion Slots: 1 SSM module
- Intrusion Prevention: Supported (with AIP SSM)
- Content Security (anti-virus, anti-spyware, file blocking): Supported (with CSC SSM)
- Latest Software version:8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: 2 (Included), 20 (Maximum, with license)
- GTP/GPRS inspection: Supported (needs license)
- High availability support: Active/Active, Active/Standby
- SSL and IPsec VPN services: Supported
Hardware of 5520
The ASA 5520 contains 4 x Gigabit ports (10/100/1000 Mbps) and one 10/100 Mbps management interface.
As you can see from the Maximum throughput spec above (450 Mbps), it means that although the appliance supports gigabit interfaces, the limiting factor is the actual firewall throughput.
If one of the interfaces received 1Gbps traffic from an external source, traffic will be queued in buffers and if the rate continuous like this then it will be tail-dropped.
Cisco ASA 5540 Features and Specs
Next in the line is the Cisco ASA 5540 Firewall appliance. This device is geared towards large enterprises which need firewall throughput of 650Mbps.
The ASA 5540 is the highest model that supports a Security Services Module (SSM) in order to offer Content Inspection or Intrusion Prevention IPS services to the network.
The SSM module can host also a four-port Gigabit Ethernet card, in addition to the Content Inspection or IPS modules.
The higher-end models 5550 and 5580 DO NOT support the SSM module. Note also the greatly enhanced number of supported VPN sessions (5000 or 2500 for SSL VPN) compared with smaller models. This enhancement makes the 5540 ideal for replacing the older VPN 3000 Concentrator device.
Let’s see the features of the ASA 5540 in more detail below:
- Maximum firewall connections:400,000
- Maximum firewall throughput (Mbps): 650 Mbps
- Max Packets per second (64 byte): 500,000
- Maximum firewall connections/second: 25,000
- Maximum 3DES/AES VPN throughput: 325 Mbps
- Maximum site-to-site and remote access VPN sessions: 5000
- Maximum SSL VPN user sessions: 2500
- Memory: 1 GB
- System Flash: 64MB
- Integrated ports: 4-10/100/1000 + 1-10/100
- Maximum VLANs: 200
- SSM Expansion Slots: 1 SSM module
- Intrusion Prevention: Supported (with AIP SSM)
- Content Security (anti-virus, anti-spyware, file blocking): Supported (with CSC SSM)
- Latest Software version:8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: 2 (Included), 20 (Maximum, with license)
- GTP/GPRS inspection: Supported (needs license)
- High availability support: Active/Active, Active/Standby
- SSL and IPsec VPN services: Supported
Cisco ASA 5550 Features and Performance
Now let us see the next ASA model in the series which is the Cisco ASA 5550. With over one gigabit firewall performance (1.2 Gbps) this appliance can be easily used on ISP public services segments or on medium data rate campuses and data centers.
From this model and up, there is no support for Security Services Module (SSM), so basically you can not include an IDS/IPS or Content Inspection functionality integrated inside the box.
However, with this model you get the advantage of having eight gigabit integrated copper ports (8-10/100/100) PLUS four optical gigabit ports (4 SFPs), which means you will not run out of network port capacity easily.
Let’s see the features of the ASA 5550 in more detail below:
- Maximum firewall connections:650,000
- Maximum firewall throughput (Gbps): 1.2 Gbps
- Max Packets per second (64 byte): 600,000
- Maximum firewall connections/second: 36,000
- Maximum 3DES/AES VPN throughput: 425 Mbps
- Maximum site-to-site and remote access VPN sessions: 5000
- Maximum SSL VPN user sessions: 5000
- Memory: 4 GB
- System Flash: 64MB
- Integrated ports: 8-10/100/1000 + 1-10/100 + 4-SFP Gigabit
- Maximum VLANs: 250
- SSM Expansion Slots: Not Available
- Intrusion Prevention: Not Supported (need external box)
- Content Security (anti-virus, anti-spyware, file blocking): Not Supported
- Latest Software version:8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: 2 (Included), 20 (Maximum, with license)
- GTP/GPRS inspection: Supported (needs license)
- High availability support: Active/Active, Active/Standby
- SSL and IPsec VPN services: Supported
Cisco ASA 5580 Specs
The 5580 is the Flag-Ship Cisco ASA model in the 5500 series. It comes as two versions, the ASA 5580-20 and the ASA 5580-40, which differ in the performance parameters.
The ASA 5580 is basically an HP Server Chassis with 6 slots on the back for inserting interface card modules.
The 5580 is designed for the largest and most traffic demanding network topologies. It is ideal for high-speed data centers and large campus networks.
It supports the largest firewall throughput in the hardware firewall market, with 5 Gbps (5580-20) and 10 Gbps (5580-40) capacity.
It is also the only model supporting 10Gbps interfaces. Like the 5550, it does not support an embedded Security Services Module (SSM), so you cannot integrate an IDS/IPS functionality inside the same chassis.
Let’s see the features of the ASA 5580 in more detail below:
- Maximum firewall connections:1,000,000 (5580-20), 2,000,000 (5580-40)
- Maximum firewall throughput (Gbps): 5 Gbps (5580-20), 10 Gbps (5580-40)
- Max Packets per second (64 byte): 2,500,000 (5580-20), 4,000,000 (5580-40)
- Maximum firewall connections/second: 90,000 (5580-20), 150,000 (5580-40)
- Maximum 3DES/AES VPN throughput: 1 Gbps
- Maximum site-to-site and remote access VPN sessions: 10,000
- Maximum SSL VPN user sessions: 10,000
- Memory: 8 GB (5580-20), 12 GB (5580-40)
- System Flash: 1 GB
- Integrated ports: 2-10/100/1000 + 4-10/100/1000 (with ASA5580-4GE-CU) + 4 GE SR LC (with ASA5580-4GE-FI), +2 10GE SR LC (with ASA5580-2X10GE-SR)
- Maximum VLANs: 250
- SSM Expansion Slots: Not Available
- Intrusion Prevention: Not Supported (need external box)
- Content Security (anti-virus, anti-spyware, file blocking): Not Supported
- IC Expansion Slots 6 Interface Cards Supported
- Latest Software version:8.2 (as of April 2009)
- Application-layer firewall services: Supported
- Layer 2 transparent firewall: Supported
- Security contexts: 2 (Included), 20 (Maximum, with license)
- GTP/GPRS inspection: Supported (needs license)
- High availability support: Active/Active, Active/Standby
- SSL and IPsec VPN services: Supported
Related Posts
- What is Cisco ASA Firewall – All you need to Know
- Traffic Rate and Bandwidth Limiting on Cisco ASA Firewall
- Cisco ASA Firewall (5500 and 5500-X) Security Levels Explained
- Password Recovery for the Cisco ASA 5500 Firewall (5505,5510,5520 etc)
- Cisco ASA 5505, 5510 Base Vs Security Plus License Explained