What’s the ASA 5506-X? Yes, it’s also the part of the ASA 5500-X of next-generation mid-range ASAs and is built on the same security platform as the rest of the ASA family. The new ASA 5506-X and the ASA 5508-X, both of them are with FirePOWER and gigabit ports. It’s an awesome firewall for your home. It will probably become the successors of the ASA5505. Will the new Cisco ASA 5506-X replace ASA 5505? Let’s have a look some comparisons among the ASA 5500-X series.
The following table shows the next-generation firewall capabilities and capacities of the Cisco ASA with FirePOWER Services for Cisco ASA 5506-X, 5512-X and 5515-X Models.
From left to right: ASA 5505/Security Plus, ASA 5506-X/Security Plus, ASA 5512-X/ Security Plus and ASA 5515-X
| Cisco ASA Model | ASA 5505 / Security Plus | ASA 5506-X / Security Plus | ASA 5512-X / Security Plus | ASA 5515-X |
| Stateful Inspection throughput (max1) | Up to 150 Mbps | 750 Mbps | 1 Gbps | 1.2 Gbps |
| Stateful Inspection throughput (multiprotocol2) | – | 300 Mbps | 500 Mbps | 600 Mbps |
| Maximum application control (AVC) throughput | – | 250 Mbps | 300 Mbps | 500 Mbps |
| Maximum AVC and NGIPS throughput | – | 125 Mbps | 150 Mbps | 250 Mbps |
| Maximum Concurrent sessions | 10,000 /25,000 | 20,000/50,000 | 100,000 | 250,000 |
| Maximum new Connections per second | 4,000 | 5,000 | 10,000 | 15,000 |
| Application control (AVC) or NGIPS sizing throughput [440 byte HTTP]3 | – | 90 Mbps | 100 Mbps | 150 Mbps |
| Packets per second (64 byte) | 85,000 | 246,900 | 450,000 | 500,000 |
| Maximum 3DES/AES VPN throughput4 | 100 Mbps | 100 Mbps | 200 Mbps | 250 Mbps |
| Maximum Site-to-site and IPsec IKEv1 client VPN user sessions4(requires Security Plus license) | 10/25 | 10 / 50 | 250 | 250 |
| Maximum Cisco AnyConnect®or Clientless VPN User Sessions5 (AnyConnect/Apex license required) | 25 | 2 / 50 | 250 | 250 |
| Cisco Cloud Web Security users | 25 | 275 | 2,000 | 3,000 |
| VLANs | 3 (trunking disabled) / 20 (trunking enabled) | 5 / 50 | 50 / 100 | 100 |
| High-availability support6 | Stateless Active/Standby Only* | A/S* | Active/Active* and Active/Standby* | A/A and A/S |
| Integrated I/O | 8-port FE with 2 Power over Ethernet (PoE) ports | 8 x 1 Gigabit Ethernet (GE) | 6-port 10/100/1000 | 6-port 10/100/1000 |
| Expansion I/O | Not available | Not available | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) |
| Dual power supplies | Not available | Not available | Not available | Not available |
| Power | AC/DC | AC only | AC/DC | AC/DC |
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
3Activating more features will change performance
4 VPN throughput and maximum sessions depend on the ASA device configuration and VPN traffic patterns, including average packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the maximum possible IPsec throughput. Maximum users may be further limited by your throughput requirements.
5 Requires AnyConnect Plus/Apex license. Apex license required for clientless VPN. See the AnyConnect Ordering Guide for details. Maximum users may be further limited by your throughput requirements.
6 A/A = Active/Active; A/S = Active/Standby
* requires security plus license
More Comparison: the Cisco ASA with FirePOWER Services for Cisco ASA 5500-X Series
| Feature | ASA 5506-X | ASA 5512-X | ASA 5515-X | ASA 5525-X | ASA 5545-X | ASA 5555-X |
| Maximum application control (AVC) throughput | 250 Mbps | 300 Mbps | 500 Mbps | 1100 Mbps | 1500 Mbps | 1750 Mbps |
| Maximum AVC and IPS throughput | 125 Mbps | 300 Mbps | 250 Mbps | 650 Mbps | 1000 Mbps | 1250 Mbps |
| Maximum concurrent sessions | 20,000; 500001 | 100,000 | 250,000 | 500,000 | 750,000 | 1,000,000 |
| Maximum new connections per second | 5,000 | 10,000 | 15,000 | 20,000 | 30,000 | 50,000 |
| AVC or IPS sizing throughput [440-byte HTTP]2 | 90 Mbps | 100 Mbps | 150 Mbps | 375 Mbps | 575 Mbps | 725 Mbps |
| Supported applications | More than 3000 | |||||
| URL categories | 80+ | |||||
| Number of URLs categorized | More than 280 million | |||||
| Centralized configuration, logging, monitoring, and reporting | Multidevice Cisco Security Manager and Cisco FireSIGHT Management Center | |||||
1Higher specifications are associated with the Security Plus license.
2Activating more features will change performance.
What’s the exact Cisco ASA 5506-X after you read the main info and comparisons of the new Cisco ASA 5500-X model? We will tell you in the next article…
More Related Cisco ASA Topics
What are the Considerations While Buying a Cisco Next-Generation Firewall?
Cisco ASA 5500-X Series’ New Features & Main Model Comparison
Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box?
