Cisco Cisco ASA 5585-X Adaptive Security Appliance Hoja De Datos
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 9
Table 1 gives the capabilities of the four Cisco ASA 5585-X models.
Table 1.
Cisco ASA 5585-X Next-Generation Firewall Capabilities and Capacities
Feature
Cisco ASA 5585-X with
SSP-10
SSP-10
Cisco ASA 5585-X with
SSP-20
SSP-20
Cisco ASA 5585-X with
SSP-40
SSP-40
Cisco ASA 5585-X with
SSP-60
SSP-60
Typical use case
Edge
Edge
Data center
Data center
Users or nodes
Unlimited
Unlimited
Unlimited
Unlimited
Stateful inspection
firewall throughput
(maximum)
firewall throughput
(maximum)
1
4 Gbps
10 Gbps
20 Gbps
40 Gbps
Stateful inspection
firewall throughput
(multiprotocol)
firewall throughput
(multiprotocol)
2
2 Gbps
5 Gbps
10 Gbps
20 Gbps
Concurrent firewall
connections
connections
1,000,000
2,000,000
4,000,000
10,000,000
Firewall connections
per second
per second
50,000
125,000
200,000
350,000
Packets (64 byte) per
second
second
1,500,000
3,000,000
5,000,000
9,000,000
Security contexts
3
Up to 100
Up to 250
Up to 250
Up to 250
Authentication
Active Directory agent,
LDAP, Kerberos, NTLM
LDAP, Kerberos, NTLM
Active Directory agent,
LDAP, Kerberos, NTLM
LDAP, Kerberos, NTLM
Active Directory agent,
LDAP, Kerberos, NTLM
LDAP, Kerberos, NTLM
Active Directory agent,
LDAP, Kerberos, NTLM
LDAP, Kerberos, NTLM
Maximum 3DES/AES
IPsec VPN throughput
IPsec VPN throughput
4
1 Gbps
2 Gbps
3 Gbps
5 Gbps
Maximum Site-to-Site
and IPsec IKEv1 client
VPN Sessions
and IPsec IKEv1 client
VPN Sessions
4
Up to 5,000
Up to 10,000
Up to 10,000
Up to 10,000
Maximum Cisco
AnyConnect
AnyConnect
®
or
Clientless VPN User
Sessions
Sessions
5
Up to 5,000
Up to 10,000
Up to 10,000
Up to 10,000
Interfaces
8-port 10/100/1000, 2-port
10 Gigabit Ethernet
10 Gigabit Ethernet
**
(SFP+)
8-port 10/100/1000, 2-port
10 Gigabit Ethernet
10 Gigabit Ethernet
**
(SFP+)
6-port 10/100/1000, 4-port
10 Gigabit Ethernet (SFP+)
10 Gigabit Ethernet (SFP+)
6-port 10/100/1000, 4-port
10 Gigabit Ethernet (SFP+)
10 Gigabit Ethernet (SFP+)
Maximum number of
interfaces
interfaces
16-port 10/100/1000, 4-port
10 Gigabit Ethernet
10 Gigabit Ethernet
**
(SFP+) (with 2 modules per
chassis)
chassis)
16-port 10/100/1000, 4-port
10 Gigabit Ethernet
10 Gigabit Ethernet
**
(SFP+) (with 2 modules per
chassis)
chassis)
12-port 10/100/1000,8-port
10 Gigabit Ethernet (SFP+)
(with 2 modules per
chassis)
10 Gigabit Ethernet (SFP+)
(with 2 modules per
chassis)
12-port 10/100/1000, 8-port
10 Gigabit Ethernet (SFP+)
(with 2 modules per
chassis)
10 Gigabit Ethernet (SFP+)
(with 2 modules per
chassis)
Integrated network
management ports
management ports
2-port 10/100/1000
2-port 10/100/1000
2-port 10/100/1000
2-port 10/100/1000
1
Maximum throughput with UDP traffic measured under ideal test conditions.
2
“Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP,
IMAPv4, BitTorrent, and DNS.
3
Available for the firewall feature set.
4
VPN throughput and maximum peers depend on the ASA device configuration and VPN traffic patterns, including average
packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the
maximum possible IPsec throughput. Maximum sessions may be further limited by your throughput requirements.
AnyConnect licenses required. See the AnyConnect Ordering Guide for details. Maximum sessions may be further limited by
your throughput requirements.
maximum possible IPsec throughput. Maximum sessions may be further limited by your throughput requirements.
AnyConnect licenses required. See the AnyConnect Ordering Guide for details. Maximum sessions may be further limited by
your throughput requirements.
5
AnyConnect licenses required. See the AnyConnect Ordering Guide for details. Maximum sessions may be further limited by
your throughput requirements.