    What does Cisco recommend as replacement models for the older ASA5500?
    Older ASA5500 Models    Suggested Replacement 5500-X Model
    ASA 5505                ASA 5505 (no new model)
    ASA 5510                ASA 5512-X or ASA 5515-X
    ASA 5520                ASA 5525-X
    ASA 5540                ASA 5545-X
    ASA 5550                ASA 5555-X
    ASA 5580                ASA 5585-X

    The similarities between the two Cisco ASA generations (ASA5500 and ASA5500-X)
    The major similarity between the ASA5500 and ASA5500-X generations is in core firewall functionality and configuration. That is, the major firewall features (NAT, Access Control Lists, VPN configuration, routing, failover configuration, traffic inspection, modular policies, file system management, VLANs and subinterfaces, authentication etc.) are configured exactly the same on both ASA5500 and ASA5500-X models. In fact, the new software version 9.X runs on both ASA series.

    So, if you have an existing ASA 5500 model that works as a regular firewall and you don’t need any new fancy features (called “Next Generation Firewall” features), then you can stay with your current model for now. You should consider, though, that Cisco has announced an End-of-Sale date of September 16, 2013 for the Cisco ASA 5500 models. The last date of support for the ASA 5500 generation is September 30, 2018.

    Of course, with every new generation of appliances the new models are almost always improved in terms of both hardware and software capabilities. Let’s see the major differences in bullet form.
    • The new ASA 5500-X models provide around 4 times more firewall throughput than the older 5500 models. Also, they offer 60% higher VPN throughput.
    • The new Cisco 5500-X runs on multicore 64-bit processors, compared with single-core 32-bit processors on the older ASA models.
    • The new 5500-X models support Next-Generation Firewall Services either as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software-based modules which do not need additional hardware (only a license to use the software module). You should note, however, that the “Next-Generation Firewall Services” cost extra money in addition to the core firewall appliance. You will need to purchase either a cloud subscription or software licenses (for the IPS software module, for example).
    • For Intrusion Prevention functionality (IPS) you don’t need an additional hardware module as you did on the older 5500 generation. You can enable an embedded IPS on any 5500-X model by purchasing a software license.
    • More network interfaces are available on the 5500-X models (up to 14 Gigabit Ethernet ports).
    • On ASA5500-X models the management interface port is shared between the firewall and the embedded IPS module. Also, the management port on the ASA5500-X cannot be used as a data port. Remember that on the older 5500 models you could also use the management port as a data port (as a regular interface). This is not supported on 5500-X models, where the management port is only for management of the appliance.

