Техническая Спецификация для Cisco Cisco ASA 5585-X Adaptive Security Appliance

Page 1 of 6

White Paper

Cisco ASA 5585-X Adaptive Security Appliance
Architecture

Product Overview

The Cisco ASA 5585-X Adaptive Security Appliance is a modular security services chassis intended primarily for

high-performance data center deployments. The chassis can accommodate up to 2 Security Services Processor

(SSP) or interface expansion modules in the following combinations:

●

Firewall SSP in the bottom slot with IPS or CX SSP application module in the top slot

●

Firewall SSP in the bottom slot with one or two half-slot interface expansion cards in the top slot

●

Firewall SSP module in both the top and bottom slots

Figure 1 shows an ASA 5585-X configuration with a firewall SSP in the bottom slot and an IPS SSP in the top slot.

Each SSP provides a set of 10 Gigabit Ethernet and 1 Gigabit Ethernet interfaces for network attachment as well

as out-of-band management. When the top slot houses an interface expansion or an application module, all

nonmanagement interfaces are controlled from the firewall SSP module in the bottom slot. When a chassis houses

two firewall SSP modules, each firewall operates independently with its own set of data interfaces.

Figure 1. Cisco ASA5585-X Chassis with Firewall and IPS SSP Modules

Unlike many other firewall offerings, the Cisco ASA 5585-X provides layered defense-in-depth protection to critical

network services with an extendable general-purpose CPU complex and a scalable internal traffic load-balancing

architecture. This design avoids having a single external Ethernet interface becoming a processing bottleneck and

offers consistently high performance with any traffic profile across the entire feature set.

Internal Architecture

Cisco ASA 5585-X architecture builds on more than 10 years of the award-winning Cisco ASA appliance design.

Figure 2 illustrates a basic block diagram of an ASA 5585-X firewall SSP module.