Cisco ASA5510 Vs ASA5512-X or Cisco 5515-X

Cisco released its announcement of EoL and EoS dates for the Cisco ASA 5500 Adaptive Security Appliances, including Cisco ASA 5550, Cisco ASA 5540, Cisco ASA 5520, Cisco ASA 5510 and Cisco ASA 5500 Series Accessories, on Mar 18, 2013. Cisco listed the End-of-Life milestones and dates for the Cisco ASA 5500 Adaptive Security Appliance and the product part numbers affected by this announcement. You can read the detailed tables at http://www.cisco.com/en/US/products/ps6120/prod_eol_notices_list.html

As we know, the Cisco ASA series is popular with everyone from small and branch offices to enterprises and organizations. Cisco ASA 5500 firewalls scale to meet a wide range of needs while providing highly secure, high-performance connectivity. You can find more detailed features of the Cisco 5500 series on the related pages at Cisco.com.

The Cisco ASA product line for small and branch offices includes 4 ASA models:

  • ASA5505 (either Basic License or Security Plus License)
  • ASA5510 (either Basic License or Security Plus License)
  • ASA5512-X (either Basic License or Security Plus License)
  • ASA5515-X

In this article we will describe the main differences between the ASA5510 and the newest generation ASA5512-X and ASA5515-X models. We have chosen these 3 models because Cisco ASA5512-X and 5515-X are recommended by Cisco as replacement models for the older 5510 firewall which will reach end-of-sale on September 16, 2013.

Specifically, Cisco recommends the following hardware migration path for the models above:

| Older ASA Model | Recommended Replacement Model |
|---|---|
| ASA 5510 (Basic License) | ASA 5512-X Basic License |
| ASA 5510 (Security Plus License) | ASA 5512-X Security Plus License OR ASA 5515-X |

As you can see above, both the ASA 5510 and the Cisco 5512-X are offered with two types of licenses: Basic License (this is the default license type when you purchase) or a Security Plus License which costs extra money. On the other hand, the ASA5515-X comes with a single default license (there is no security plus license on this model).

The Security Plus license on the 5510 and 5512-X allows some enhancements such as additional VLANs (from 50 to 100), additional concurrent firewall sessions (on the 5510 model) etc. The most notable improvement offered by the Security Plus license on both 5510 and 5512-X is the device Failover support. It allows the devices to work in Active/Active or Active/Standby failover. This feature is not supported on the Basic license. (The 5515-X supports A/A and A/S failover by default).

The table below shows the most important differences between ASA5510 and 5512-X / 5515-X appliances.

| Spec. | ASA5510 | ASA5512-X | ASA5515-X |
|---|---|---|---|
| Max Firewall Throughput | 300 Mbps max | 1 Gbps | 1.2 Gbps |
| IPS Support | Needs extra hardware module | Supported with NO extra hardware | Supported with NO extra hardware |
| 3DES/AES VPN Throughput | 170 Mbps | 200 Mbps | 250 Mbps |
| IPSEC Site-to-Site and Client VPN sessions | 250 | 250 | 250 |
| Anyconnect SSL VPN User Sessions | 250 | 250 | 250 |
| Integrated Ethernet Interfaces | 5×10/100 FE OR 2×10/100/1000 and 3×10/100 with SecPlus | 6×10/100/1000 | 6×10/100/1000 |
| Next Generation Firewall Features | Not Supported | Supported (extra license or subscription needed) | Supported (extra license or subscription needed) |

Regarding network interfaces, the Cisco 5510 basic license supports only FastEthernet (10/100 FE) interfaces while the 5512-X and 5515-X support Gigabit (10/100/1000) copper interfaces. So, if you are migrating the configuration of an ASA5510 to a new 5512-X or 5515-X you need to take into consideration the interface command syntax.

The interface configuration of these devices will look like the following:

ASA 5510 Interface Configuration

! Physical Interface
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

! Creating Subinterfaces on interface E0/2
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown

interface Ethernet0/2.10
 vlan 10
 nameif fw-out
 security-level 50
 ip address 172.16.61.1 255.255.255.0

ASA 5512-X or 5515-X Interface Configuration

! Physical Interface
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

! Creating Subinterfaces on interface GE0/2
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown

interface GigabitEthernet0/2.10
 vlan 10
 nameif fw-out
 security-level 50
 ip address 172.16.61.1 255.255.255.0

So, as you can see, if you are migrating from a 5510 to a 5512-X or 5515-X you need to change the interface names in the interface configuration commands (Ethernet becomes GigabitEthernet). Other than the above, almost all the other core firewall commands will be the same.
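A sketch of that rename, added here as an example and not taken from the original article: it rewrites every Ethernet port reference to GigabitEthernet, then extracts each nameif with its security-level and IP address so the zone settings can be compared before and after the migration. The sample reuses the article's stanzas; the failover line and the function names are assumptions for illustration.

```python
import re

# Constructed sample: the article's 5510 stanzas plus an assumed failover line.
ASA5510_CONFIG = """\
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 no nameif
 no shutdown
!
interface Ethernet0/2.10
 vlan 10
 nameif fw-out
 security-level 50
 ip address 172.16.61.1 255.255.255.0
!
failover lan interface folink Ethernet0/3
"""

# Matches Ethernet0/N and Ethernet0/N.V, but never GigabitEthernet0/N.
OLD_IF = re.compile(r"(?<![A-Za-z])Ethernet(\d+/\d+(?:\.\d+)?)\b")

def migrate(config):
    """Rename 5510 ports everywhere, not only on 'interface' lines."""
    return OLD_IF.sub(r"GigabitEthernet\1", config)

def zones(config):
    """Map each nameif to its port, security-level and IP address.
    Relies on the one-space indent running-config gives subcommands."""
    found, current = {}, {}
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            current = {"port": words[1]}
        elif not line.startswith(" "):
            current = {}  # throwaway dict outside interface stanzas
        elif words[:1] == ["nameif"]:
            found[words[1]] = current
        elif words[:1] == ["security-level"]:
            current["level"] = int(words[1])
        elif words[:2] == ["ip", "address"]:
            current["ip"] = " ".join(words[2:])
    return found

def policy(config):
    """Zone settings without the port name, for before/after comparison."""
    return {n: (z.get("level"), z.get("ip")) for n, z in zones(config).items()}
```

If `policy()` differs between the old and new configuration, a nameif lost its security-level or address during the edit, and the rules bound to that nameif would apply to a different trust level than before.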

—Reference from http://www.networkstraining.com
