The New Cisco ASA 5506-X, More Comparisons

What’s the ASA 5506-X? Yes, it’s also the part of the ASA 5500-X of next-generation mid-range ASAs and is built on the same security platform as the rest of the ASA family. The new ASA 5506-X and the ASA 5508-X, both of them are with FirePOWER and gigabit ports. It’s an awesome firewall for your home. It will probably become the successors of the ASA5505. Will the new Cisco ASA 5506-X replace ASA 5505? Let’s have a look some comparisons among the ASA 5500-X series.

The following table shows the next-generation firewall capabilities and capacities of the Cisco ASA with FirePOWER Services for Cisco ASA 5506-X, 5512-X and 5515-X Models.

Cisco ASA Models

From left to right: ASA 5505/Security Plus, ASA 5506-X/Security Plus, ASA 5512-X/ Security Plus and ASA 5515-X

Cisco ASA Model

ASA 5505 / Security Plus ASA 5506-X / Security Plus ASA 5512-X / Security Plus ASA 5515-X
Stateful Inspection throughput (max1) Up to 150 Mbps 750 Mbps 1 Gbps 1.2 Gbps
Stateful Inspection throughput (multiprotocol2) 300 Mbps 500 Mbps 600 Mbps
Maximum application control (AVC) throughput 250 Mbps 300 Mbps 500 Mbps
Maximum AVC and NGIPS throughput 125 Mbps 150 Mbps 250 Mbps
Maximum Concurrent sessions 10,000 /25,000 20,000/50,000 100,000 250,000
Maximum new Connections per second 4,000 5,000 10,000 15,000
Application control (AVC)
NGIPS sizing throughput [440 byte HTTP]3
90 Mbps 100 Mbps 150 Mbps
Packets per second (64 byte) 85,000 246,900 450,000 500,000
Maximum 3DES/AES VPN throughput4 100 Mbps 100 Mbps 200 Mbps 250 Mbps
Maximum Site-to-site and IPsec IKEv1 client VPN user sessions4(requires Security Plus license) 10/25 10 / 50 250 250
Maximum Cisco AnyConnect®or Clientless VPN User Sessions5 (AnyConnect/Apex license required) 25 2 / 50 250 250
Cisco Cloud Web Security users 25 275 2,000 3,000
VLANs 3 (trunking disabled) / 20 (trunking enabled) 5 / 50 50 / 100 100
High-availability support6 Stateless Active/Standby Only* A/S* Active/Active* and Active/Standby* A/A and A/S
Integrated I/O 8-port FE with 2 Power over Ethernet (PoE) ports 8 x 1 Gigabit Ethernet (GE) 6-port 10/100/1000 6-port 10/100/1000
Expansion I/O Not available Not available 6-port 10/100/1000 or 6-port GE (SFP) 6-port 10/100/1000 or 6-port GE (SFP)
Dual power supplies Not available Not available Not available Not available
Power AC/DC AC only AC/DC AC/DC

1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
3Activating more features will change performance
4 VPN throughput and maximum sessions depend on the ASA device configuration and VPN traffic patterns, including average packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the maximum possible IPsec throughput. Maximum users may be further limited by your throughput requirements.
5 Requires AnyConnect Plus/Apex license. Apex license required for clientless VPN. See the AnyConnect Ordering Guide for details. Maximum users may be further limited by your throughput requirements.
6 A/A = Active/Active; A/S = Active/Standby
* requires security plus license


More Comparison: the Cisco ASA with FirePOWER Services for Cisco ASA 5500-X Series

Feature ASA 5506-X ASA 5512-X ASA 5515-X ASA 5525-X ASA 5545-X ASA 5555-X
Maximum application control (AVC) throughput 250 Mbps 300 Mbps 500 Mbps 1100 Mbps 1500 Mbps 1750 Mbps
Maximum AVC and IPS throughput 125 Mbps 300 Mbps 250 Mbps 650 Mbps 1000 Mbps 1250 Mbps
Maximum concurrent sessions 20,000;
100,000 250,000 500,000 750,000 1,000,000
Maximum new connections per second 5,000 10,000 15,000 20,000 30,000 50,000
AVC or IPS sizing throughput [440-byte HTTP]2 90 Mbps 100 Mbps 150 Mbps 375 Mbps 575 Mbps 725 Mbps
Supported applications More than 3000
URL categories 80+
Number of URLs categorized More than 280 million
Centralized configuration, logging, monitoring, and reporting Multidevice Cisco Security Manager and Cisco FireSIGHT Management Center

1Higher specifications are associated with the Security Plus license.

2Activating more features will change performance.

