When Cisco introduced its ASA5500 series of security appliances, many people viewed it simply as a PIX replacement. In reality, the ASA series offers customers much more than just a firewall. The ASA is now truly a multipurpose edge security device, allowing customers to integrate multiple functions into a single security appliance. Let’s take a look at a few of the more popular capabilities.

VPN termination

The ASA offers multiple methods of VPN termination. For remote client access, the ASA supports traditional IPSec clients like Cisco’s VPN client but has added the capability for SSL VPN termination as well. Many customers do not realize they are licensed for two concurrent SSL VPN sessions out of the box. SSL VPN offers the client tremendous flexibility for remote access to the business. The ASA can also be used for more traditional site-to-site VPN termination, connecting remote sites back to the main site for full interoffice communications.

There is one caveat for SSL licensing that customers need to be aware of: the ASA can have only one SSL client license, so a purchased license replaces the two sessions included out of the box rather than adding to them. That means that when a 10-session license is purchased, the customer has only 10 concurrent sessions, not 12 as some people have thought. These sessions are concurrent, meaning that more than 10 people can have access to the device as long as 10 or fewer are logged in at any point in time.

IPS – Intrusion Prevention

Unlike the PIX firewall, which could inspect only a limited subset of IPS signatures, an ASA equipped with the correct AIP module provides inline, wire-speed inspection of traffic for the full complement of signatures available. This means a customer can be confident that the edge device is inspecting and protecting all traffic entering the organization, which provides an excellent first line of defense.

Cisco gives its customers an incentive to purchase IPS capabilities as part of a bundle rather than adding them later: it is much less expensive to purchase the IPS capabilities up front than to buy the technology after the fact. As a result, customers should budget to add this capability upon initial purchase. This will not only save money, but it will also increase the security of the customer environment from day one.

Multiple Firewall Contexts

While many people consider a firewall an edge device, more and more businesses are seeing the need to add layers of firewalling within their organization to separate internal users from business-critical resources. While this can certainly be done with multiple physical appliances, it can also be done with a single ASA running multiple contexts. Multiple contexts allow customers, in essence, to run multiple firewalls with different rule sets in one physical appliance. The primary consideration for this type of deployment is to ensure your appliance has the proper throughput for your organization.

Multiple contexts can allow a network administrator to manage the appliance at the edge of the network while allowing the server team to administer the firewall rules for accessing the business-critical resources. Each context has its own logins and configuration on the same physical appliance, maximizing the customer investment in that piece of equipment.

Conclusion

The ASA5500 is a family of robust security appliances that can help businesses secure both their network edge and their mission-critical applications. The device has many functions that can be enabled to provide a full range of features to all organizations. If you would like to learn more about the capabilities of the ASA5500, please contact your Adcap account manager.

Author: Mike Lundy

Posted at Geeknick
