Cisco Asa 5505 Firmware

Cisco Asa 5505 Ios

Cisco ASA 5505 Features and Performance Specs

In this section I’ll describe the software and hardware features of the Cisco ASA 5505 model. The ASA 5505 is the smallest model in the 5500 series and is suitable for small businesses or small branch offices and teleworkers. As it is a smaller size compared with the other models, it is not rack.

Setup Cisco ASA 5506 to Emulate Cisco ASA 5505 Switchport VLANs

As of Cisco ASA firmware versions 9.7.x+ (we're putting 9.8 on new deployments), Cisco has included a base config and functionality that uses interface bridging that will emulate the ability we used to have with the Cisco 5505 units: span a VLAN across all/any available ports.

Firmware

Cisco Asa 5505 Bun K9

  • 1. Cisco ASA ASASM. , -ruivanov@cisco.com
  • 2. : Cisco ASA; ; ; IOS Firewall.
  • 3. Cisco ASA ASASM; Cisco ASA; Cisco ASA ASASM; Cisco ASA; ; ; .
  • 4. Cisco ASA ASASM.
  • 5. Cisco ? Adaptive Security Appliance (ASA) - , , . Ethernet . IOS, J FireWall Services Module (FWSM) Catalyst 6500 . ASA SM Catalyst 6500, , ASA ( FWSM). IOS MC (IOS FW) .
  • 6. Cisco ASA 5585 SSP60 (15-30 Gbps, 350K conn/s); ASA 5585 SSP40 (10-20 Gbps, 240K conn/s); ASA 5585 SSP20 (5-10 Gbps, 125K conn/s); ASA 5585 SSP10 (2-4 Gbps, 50K conn/s); ASA 5580-40 (10-20 Gbps, 150K conn/s); ASA 5580-20 (5-10 Gbps, 90K conn/s); ASA 5550 (1.2 Gbps, 36K conn/s); ASA 5540 (650 Mbps, 25K conn/s); ASA 5520 (450 Mbps, 12K conn/s); ASA 5510 (300 Mbps, 9K conn/s); ASA 5505 (150 Mbps, 4K conn/s); ASA SM (16-20 Gbps, 300K conn/s); FWSM (5.5 Gbps, 100K conn/s)
  • 7. CiscoASA
  • 8. ( 8.3+) Cisco PIX 6.x (100k+); 7.0.x 8.0.x , ; 8.3 , , ; UNIX Epoch format:
        asa(config)# sh access-list test brief
        access-list test; 3 elements; name hash: 0xcb4257a3
        ca10ca21 44ae5901 00000001 4a68aa7e
  • 9.
        (config)# object-group network ADMINS
        (config-protocol)# description LAN Addresses
        (config-protocol)# network-object host 10.1.1.4
        (config-protocol)# network-object host 10.1.1.78
        (config-protocol)# network-object host 10.1.1.34
        !
        (config)# object-group service RADIUS-GROUP udp
        (config-service)# description RADIUS Group
        (config-service)# port-object eq radius
        (config-service)# port-object eq radius-acct
  • 10. 8.3 ( ); 8.3+ (Global Access Policies) ; , control-plane; , ; ( ) .
  • 11. CiscoASA ASASM
  • 12. 8
        interface Redundant1
         member-interface GigabitEthernet0/2
         member-interface GigabitEthernet0/1
         no nameif
         no security-level
         no ip address
        !
        interface Redundant1.4
         vlan 4
         nameif inside
         security-level 100
         ip address 172.16.10.1 255.255.255.0
        !
        interface Redundant1.10
         vlan 10
         nameif outside
         security-level 0
         ip address 172.16.50.10 255.255.255.0
    ASA 5505, FWSM or ASASM
  • 13. /. ; , ASA 5510 , ASA 5505, ; FWSM ASASM ( ); (dot1q) redundant, .
  • 14. route tracking , ; , ; ICMP echo replies , , ; single routed mode.
        asa(config)# sla monitor 123
        asa(config-sla-monitor)# type echo protocol ipIcmpEcho 10.1.1.1 interface outside
        asa(config-sla-monitor-echo)# frequency 3
        asa(config)# sla monitor schedule 123 life forever start-time now
        asa(config)# track 1 rtr 123 reachability
        asa(config)# route outside 0.0.0.0 0.0.0.0 10.1.1.1 track 1
  • 15. ? Failover , 15 () hello- ; hello- , hello- , ; , ; ; : http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html
  • 16. stateful failover? NAT Translation Table; User authentication table; TCP connection states; Routing table information **; UDP connection states; State information for SSMs (IPS etc.); ARP Table; DHCP Server Leases; L2 Bridge Table (Transparent Mode); Stateful failover for phone proxy; HTTP State *; ISAKMP and IPSEC SA Table. * HTTP ; http replication state ** 8.4.1 .
  • 17. / Transparent Mode ! , STP; RPVST (802.1w) Port Fast ; BPDU Guard Loop Guard , ; / transparent mode .. BPDU ; Transparent Firewall: http://www.cisco.com/en/US/solutions/ns170/tac/security_tac_podcasts.html
  • 18. / , ; ; HTTP- ; ASA ASR- L2- ; VPN, multicast.
  • 19. CiscoASA
  • 20. NAT Control ? NAT control , security-level (, inside) , security-level (, outside); , ; NAT control **** , ,

Cisco Asa 5505 Software Upgrade

  • The information in this document is based on these software and hardware versions: Cisco ASA 5500 and ASA5500-X 9.1(2) and later. Cisco ASDM 7.1 and later.
  • The Cisco ASA 5505 is a full-featured firewall for small business, branch, and enterprise teleworker environments. It delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, immediately operational appliance. Using the integrated graphical Cisco Adaptive Security Device Manager (ASDM), the Cisco ASA.
  • The Cisco ASA 5505 Software License has a user-friendly interface for easy installation. Its ASDM function simplifies deployment. Cisco Security MARS allows real-time network monitoring. This firewall software facilitates web filtering and malware prevention functionalities. Use this software license to cover from 50 to unlimited users.