ASA 5500 Intro © 2004 Cisco Systems, Inc. All rights reserved. 1
Introducing Cisco Adaptive Security Appliances
Delivering Adaptive Threat Defense and VPN Solutions
• IPS Technology: Cisco IPS
• NW-AV Technology: Cisco IPS, AV
• Network Intelligence: Cisco Network Services
• Anti-X Defenses: Malware/Content Defense, Anomaly Detection
• Traffic/Admission Control, Proactive Response
• Secure Connectivity: IPSec & SSL VPN
Adaptive Identification and Mitigation (AIM) Services Architecture
Technology Extensibility to Mitigate Current and Future Threats
Accurate Prevention Technologies
Risk Rating Provides Threat Context
Decision support balances attack urgency with business risk
• Event Severity: How urgent is the threat?
• + Signature Fidelity: How prone to false positive?
• + Attack Relevancy: Is attack relevant to host being attacked?
• + Asset Value of Target: How critical is this destination host?
RISK RATING: Drives Mitigation Policy
Accurate Prevention Technologies
Meta Event Generator Delivers Advanced Correlation
[Figure: events plotted against time (Time axis: 0 to 10); surviving labels: "Event C", "Low"]
Cisco ASA 5500 Series VPN Solutions
Enterprise-Class Site-to-Site VPN Capabilities
Cisco VPN Are You There (AYT) & CSA
Comprehensive Endpoint Protection
Cost-Effective VPN Headend Scaling
“Pay as You Grow” with Load Balancing and Clustering
• Client requests connection to 124.118.24.50
• Virtual cluster master responds with 124.118.24.33
• Client requests IPSec/SSL session to 124.118.24.33
[Diagram: cluster members addressed .1 to .4 on 10.10.1.X and .31 to .34 on 124.118.24.X; labels: "Cluster IP Address", "Cluster Master"]
WebVPN: SSL-Based Remote Access
Enables Clientless Remote Connectivity
Virtualized Services and Transparent Operation
Simplifies Deployment and Reduces Operational Costs
Existing Network
Advanced Network Integration
Maximizes Uptime and Supports Next-Gen Networks
Application Inspection and Access Control
Services Convergence Enables Stronger Security
Public
Internet
ASA 5500
Business Traffic
Peer to Peer,
Tunneled Apps
Zero-Hour Worm Mitigation – At Line Rate!
Services Convergence Enables Stronger Security
[Diagram labels: Public Internet; ASA 5500; worms: Witty, Code Red, NIMDA, W32.Tomorrow’s-Threat]
Comprehensive Response:
• Attack Drop
• Session Removal
• Server DoS Protection through Session Resets
Cisco ASA 5500 Series Provides Highly Flexible
and Scalable VPN Services
Access Scenarios:
• Site-to-Site Connectivity
• Managed Desktop
• Employee Desktop
• SSL Kiosk Access
• Full or Limited Network Access
• Partner Access
Converged IPSec, WebVPN, Firewall:
• Inspect/Control VPN Sessions
• Single RA VPN Device Infrastructure
• Unified User Management
• Unmatched Scalability
• Comprehensive Load Balancing
[Diagram labels: Supply Partner, Extranet; Branch Office, Site-to-Site, IPSec; Public Internet; SSL, Account Manager, Mobile User; ASA 5500; IPSec, Employee at Home, Unmanaged Desktop]
Cisco ASA 5500 Series Product Lineup
Solutions Ranging from SMB to Large Enterprise
Performance
Max Firewall 300 Mbps 450 Mbps 650 Mbps
Max Con. Threat Mitigation 150 Mbps 375 Mbps 450 Mbps
Max IPSec VPN 170 Mbps 225 Mbps 325 Mbps
Cisco ASA 5520/5540 Adaptive Security Appliances
Product Tour
Cisco ASA Security Services Module (SSM) 10 & 20
Product Tour
Licensing on the Cisco ASA 5500 Series
Cisco ASA Adaptive Security Appliances
Industry Certifications and Evaluations
• Common Criteria
Future: EAL4+, v7.0(4) – ASA Family
• FIPS 140
Future: Level 2, v7.0(4) – ASA Family
• ICSA Firewall 4.1, Corporate Category
Future: v7.0(1) – ASA Family
• ICSA IPSec 1.1D
Future: v7.0(1) – ASA Family
• VPNC
Tentative: v7.0(1) – ASA Family
Comprehensive Management, Monitoring & Response
Converged Services Reduces Complexity and Costs
Cisco Adaptive Security Device Manager (ASDM) v5.0
Next-Generation of Popular Cisco PIX Device Manager
Cisco Adaptive Security Device Manager (ASDM) v5.0
Robust Firewall Management and Monitoring
ASA 5500 Intro © 2004 Cisco Systems, Inc. All rights reserved. Cisco Confidential – NDA Use Only 26
Cisco Adaptive Security Device Manager v5.0
Comprehensive VPN Management and Monitoring
Cisco Adaptive Security Device Manager v5.0
Extensive IPS Management and Monitoring
Summary: Cisco ASA 5500 Series
3 Takeaways…