Cisco Cisco ASA 5515-X Adaptive Security Appliance Data Sheet
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 5 of 12
3
Firewall traffic that does not go through the IPS service can have higher throughput.
4
Throughput was measured using Cisco ASA CX Software Release 9.1.1 with multiprotocol traffic profile with both AVC and
WSE. Traffic logging was enabled as well.
5
VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should
be taken into consideration as part of your capacity planning.
6
Separately licensed feature; includes two SSL licenses with base system.
Cisco ASA 5500 Series IPS Security Services Processors, Modules, and Cards
The Cisco ASA 5500 Series brings a new level of integrated security performance to networks with its highly
effective IPS services and multiprocessor hardware architecture. This architecture allows businesses to adapt and
extend the high-performance security services profile of the Cisco ASA 5500 platform. Customers can add
additional high-performance services using security services modules with dedicated security co-processors, and
can custom-tailor flow-specific policies using a highly flexible policy framework. This adaptable architecture helps
businesses deploy new security services when and where they are needed, such as adding the broad range of
intrusion prevention and advanced antiworm services delivered by the IPS modules through the Advanced
Inspection and Protection (AIP) Security Services Module (SSM) and AIP Security Services Card (SSC), or the
comprehensive malware protection and content security services enabled by the Content Security and Control
(CSC) SSM. Further, the Cisco ASA 5500 Series architecture allows Cisco to introduce services to address new
threats, giving businesses outstanding investment protection.
The Cisco ASA 5500 Series IPS Security Services Processor (SSP), AIP SSM, and AIP SSC services are inline,
network-based solutions that accurately identify, classify, and stop malicious traffic before it affects business
continuity for IPv4, IPv6, and hybrid IPv6 and IPv4 networks. They combine inline prevention services with
innovative technologies, resulting in total confidence in the provided protection of the deployed IPS solution,
without the fear of legitimate traffic being dropped. The AIP SSM and AIP SSC also offer comprehensive network
protection through their unique ability to collaborate with other network security resources, providing a proactive
approach to protecting the network.
Accurate inline prevention technologies provide unparalleled confidence to take preventive action on a broader
range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent,
automated, contextual analysis of data and help ensure that businesses are getting the most out of their intrusion
prevention solutions. Furthermore, the IPS SSP, AIP SSM, and AIP SSC use multivector threat identification to
protect the network from policy violations, vulnerability exploitations, and anomalous activity through detailed
inspection of traffic in Layers 2 through 7.
Table 2 details the AIP SSM and AIP SSC models that are available and their respective performance and physical
characteristics.
Table 2.
Characteristics of Cisco ASA 5500 Series AIP SSM and AIP SSC Models
Feature
Cisco ASA 5500 Series AIP-SSC-5
Concurrent threat mitigation throughput
(firewall plus IPS services)
(firewall plus IPS services)
75 Mbps with Cisco ASA 5505 Next-Generation Firewall
Technical Specifications
Memory
512 MB
Flash
512 MB