Cisco ASA 5585-X Series Next Generation Firewalls Data Sheet

Today’s enterprise networks must deal with an increasingly mobile workforce requiring anywhere, anytime access from a variety of company and personal devices. These networks must support an ever-increasing amount of data and transactions, requiring more efficient methods to scale to meet the performance levels of today’s applications while ensuring the highest levels of security. The Cisco® ASA 5585-X Next-Generation Firewall meets these demands. It delivers unprecedented scalability, performance, and security in a compact two-rack-unit (2RU) footprint.

Using a single firewall blade, the Cisco ASA 5585-X delivers eight times the performance density of competitive firewalls. It supports the highest VPN session counts, twice as many connections per second, and four times the connection capacity of competitive firewalls. The Cisco ASA 5585-X meets the growing needs of today’s most dynamic organizations.

Firewall Features

Support for Layer 3 and Layer 4 stateful firewall inspection features, including access control and network address translation, enables organizations to keep existing stateful inspection policies that are essential for compliance regulations. The context-aware Cisco Intrusion Prevention System (IPS) services provide the capability to act more intelligently and aggressively against threats that pose a significant risk to organizations.

In addition to comprehensive stateful inspection capabilities, Layer 7 next-generation policies act intelligently on contextual information. Cisco ASA Next-Generation Firewall Services are enhanced with local intelligence from the Cisco AnyConnect® Secure Mobility Client and Cisco Security Intelligence Operations (SIO). AnyConnect® technology provides information on the type and location of a mobile device before it accesses the network, enabling administrators to maintain high levels of network protection and control. Threat intelligence feeds from Cisco SIO use the global footprint of Cisco security deployments (more than 1.6 million security devices) to analyze approximately one-third of the world’s Internet traffic for near-real-time protection from zero-day threats.

Cisco ASA Next-Generation Firewall Services deliver application, user ID, and device awareness capabilities for enhanced visibility and control of network traffic. In addition, administrators can:

  • Prevent network intrusions based on dynamically calculated business risk
  • Restrict web and web application usage based on the reputation of a site with Cisco Web Security Essentials (WSE)
  • Proactively protect against Internet threats through up-to-the-minute reputation analysis and robust content-based URL filtering
  • Enforce differentiated policies based on the user, device, role, and application type
  • Recognize and control more than 1000 applications and 150,000 micro applications with Cisco Application Visibility and Control (AVC)

Flexible Deployment Options

The Cisco ASA 5585-X supports two hardware blades in a single 2RU chassis. The bottom slot (slot 0) hosts the ASA stateful inspection firewall module, while the top slot (slot 1) can be used for adding a dedicated Cisco IPS, Cisco Next-Generation Firewall Services, or a second stateful inspection firewall module. Multiple integrated security services within a single chassis provide broad deployment flexibility and investment protection. The ability to add a second stateful inspection firewall module doubles the firewall performance for superior scalability, performance density, and security for data center use cases. In addition, the top slot can optionally be populated with up to two Cisco ASA 5585-X I/O Modules for high interface density for mission-critical data centers that require exceptional flexibility and security.

Clustering

Using Cisco ASA Software Release 9.0 and above, customers can combine up to eight Cisco ASA 5585-X firewall modules in a single cluster for up to 320 Gbps of throughput, 1 million connections per second, and more than 50 million concurrent connections in as few as eight RUs. This “pay as you grow” model enables organizations to purchase what they need today and dynamically add more when their performance needs grow. To protect high-performance data centers from internal and external threats, the cluster can be augmented by adding up to eight Cisco IPS modules for up to 80 Gbps of IPS throughput.

Cisco ASA Software clustering delivers a consistent scaling factor, irrespective of the number of units in the cluster, for a linear and predictable increase in performance. Complexity is reduced, as no changes are required to existing Layer 2 and Layer 3 networks. Support for data center designs based on the Cisco Virtual Switching System (VSS) and Cisco Virtual Port Channel (VPC) as well as the Link Aggregation Control Protocol (LACP) provides high availability (HA) with better network integration.

For operational efficiency, Cisco ASA clusters are easy to manage and troubleshoot. Policies pushed to the master node are replicated across all the units within the cluster. The health, performance, and capacity statistics of the entire cluster, as well as individual units within the cluster, can be assessed from a single management console. Hitless software upgrades are supported for ease of device updates.

Clustering supports HA in both active/active and active/passive modes. All units in the cluster actively pass traffic and all connection information is replicated to at least one other unit in the cluster to support N+1 HA. In addition, single and multiple contexts are supported, along with routed and transparent modes. A single configuration is maintained across all units in the cluster using automatic configuration sync. Cluster-wide statistics are provided to track resource usage.

Cisco TrustSec Integration

Using Cisco ASA Software Release 9.0 and above, the Cisco ASA 5585-X provides context awareness through the integration of identity-based firewall security and Cisco TrustSec® security group tags for enhanced visibility and control. Identity-based firewall security provides more flexible access control to enforce policies based on user and group identities and the point of access. Administrators can write policies that correspond to business rules, a process that increases security, enhances ease of use, and requires fewer policies to manage. Similarly, Cisco TrustSec integration enables security group tags to be embedded into the network, providing administrators with the ability to develop and enforce better, more precise policies.

Cut Costs While Improving Performance and Security

The Cisco ASA 5585-X Next-Generation Firewall delivers superior scalability, performance, and security to handle high data volumes without sacrificing performance. Most firewalls require up to 16RUs and 5100 watts to scale to the level of performance that the Cisco ASA 5585-X achieves with only 2RUs and 785 watts. This performance helps enterprises meet the increasing demands for network connectivity without the need to invest in additional data center space and incur the corresponding maintenance costs.

Based on tests conducted by Cisco, the Cisco ASA 5585-X significantly reduces initial procurement costs by 80 percent, power consumption costs by 85 percent, and rack space requirements by 88 percent in addition to significant reductions in overall integration and management complexity and costs. In addition, you can install up to two firewall modules in a single Cisco ASA 5585-X chassis, providing scalability to 80 Gbps.

Table 1 gives the capabilities of the four Cisco ASA 5585-X models, and Table 2 lists characteristics of the Cisco ASA 5585-X IPS Security Services Processor (SSP) modules. Table 3 shows characteristics of the Cisco ASA 5585-X CX SSP 10 and 20 hardware blades.

Table 1. Cisco ASA 5585-X Next-Generation Firewall Capabilities and Capacities

| Feature | Cisco ASA 5585-X with SSP-10 | Cisco ASA 5585-X with SSP-20 | Cisco ASA 5585-X with SSP-40 | Cisco ASA 5585-X with SSP-60 |
| --- | --- | --- | --- | --- |
| Typical use case | Edge | Edge | Data center | Data center |
| Users or nodes | Unlimited | Unlimited | Unlimited | Unlimited |
| Stateful inspection firewall throughput (maximum[1]*) | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps |
| Stateful inspection firewall throughput (multiprotocol)[2] | 2 Gbps | 5 Gbps | 10 Gbps | 20 Gbps |
| Concurrent firewall connections | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 |
| Firewall connections per second | 50,000 | 125,000 | 200,000 | 350,000 |
| Packets (64 byte) per second | 1,500,000 | 3,000,000 | 5,000,000 | 9,000,000 |
| Security contexts[3] | Up to 50 | Up to 50 | Up to 50 | Up to 50 |
| Authentication | Active Directory agent, LDAP, Kerberos, NTLM | Active Directory agent, LDAP, Kerberos, NTLM | Active Directory agent, LDAP, Kerberos, NTLM | Active Directory agent, LDAP, Kerberos, NTLM |
| Maximum IPS throughput[4] | 2 Gbps (with IPS SSP-10) | 3 Gbps (with IPS SSP-20) | 5 Gbps (with IPS SSP-40) | 10 Gbps (with IPS SSP-60) |
| Cisco Next-Generation Firewall throughput (multiprotocol)[5] | 2 Gbps | 5 Gbps | Not Available | Not Available |
| Maximum VPN throughput[6] | 1 Gbps | 2 Gbps | 3 Gbps | 5 Gbps |
| Cisco AnyConnect or clientless VPN peers | Up to 5,000 | Up to 10,000 | Up to 10,000 | Up to 10,000 |
| Premium Cisco AnyConnect VPN peer license levels[7] | 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, and 5000 | 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 | 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 | 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 |
| Interfaces | 8-port 10/100/1000, 2-port 10 Gigabit Ethernet** (SFP+) | 8-port 10/100/1000, 2-port 10 Gigabit Ethernet** (SFP+) | 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) | 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) |
| Maximum number of interfaces | 16-port 10/100/1000, 4-port 10 Gigabit Ethernet** (SFP+) (requires IPS SSP-10) | 16-port 10/100/1000, 4-port 10 Gigabit Ethernet** (SFP+) (requires IPS SSP-20) | 12-port 10/100/1000, 8-port 10 Gigabit Ethernet (SFP+) (requires IPS SSP-40) | 12-port 10/100/1000, 8-port 10 Gigabit Ethernet (SFP+) (requires IPS SSP-60) |
| Integrated network management ports | 2-port 10/100/1000 | 2-port 10/100/1000 | 2-port 10/100/1000 | 2-port 10/100/1000 |
| Integrated network ports | 8-port 10/100/1000, 2-port 10 Gigabit Ethernet*** (SFP+) | 8-port 10/100/1000, 2-port 10 Gigabit Ethernet*** (SFP+) | 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) | 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) |
| Maximum number of integrated network ports | 16-port 10/100/1000, 4-port 10 Gigabit Ethernet*** SFP+ (SSP-10 and IPS SSP-10) | 16-port 10/100/1000, 4-port 10 Gigabit Ethernet*** SFP+ (SSP-20 and IPS SSP-20) | 12-port 10/100/1000, 8-port 10 Gigabit Ethernet SFP+ (SSP-40 and IPS SSP-40) | 12-port 10/100/1000, 8-port 10 Gigabit Ethernet SFP+ (SSP-60 and IPS SSP-60) |
| Interface card slots | 2 | 2 | 2 | 2 |
| Virtual interfaces (VLANs) | 250 | 250 | 250 | 250 |
| Scalability | VPN clustering and load balancing | VPN clustering and load balancing | VPN clustering and load balancing | VPN clustering and load balancing |
| High availability | Active/Active[8] and Active/Standby | Active/Active[8] and Active/Standby | Active/Active[8] and Active/Standby | Active/Active[8] and Active/Standby |
| Redundant power | Supported, second power supply optional | Supported, second power supply optional | Supported, second power supply optional | Supported |
| USB 2.0 ports | 2 | 2 | 2 | 2 |
| Serial ports | 1 RJ-45, console and auxiliary | 1 RJ-45, console and auxiliary | 1 RJ-45, console and auxiliary | 1 RJ-45, console and auxiliary |
| Rack-mountable | Yes, rack mounts included | Yes, rack mounts included | Yes, rack mounts included | Yes, rack mounts included |
| Memory | 6 GB (SSP-10); 12 GB (SSP-10 and IPS SSP-10) | 12 GB (SSP-20); 24 GB (SSP-20 and IPS SSP-20) | 12 GB (SSP-40); 36 GB (SSP-40 and IPS SSP-40) | 24 GB (SSP-60); 72 GB (SSP-60 and IPS SSP-60) |
| Minimum system flash | 2 GB (SSP-10); 4 GB (SSP-10 and IPS SSP-10) | 2 GB (SSP-20); 4 GB (SSP-20 and IPS SSP-20) | 2 GB (SSP-40); 4 GB (SSP-40 and IPS SSP-40) | 2 GB (SSP-60); 4 GB (SSP-60 and IPS SSP-60) |
| Operating temperature | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) |
| Relative humidity | 10 to 90 percent noncondensing | 10 to 90 percent noncondensing | 10 to 90 percent noncondensing | 10 to 90 percent noncondensing |
| Altitude | Designed and tested for 0 to 10,000 ft (3050 m) | Designed and tested for 0 to 10,000 ft (3050 m) | Designed and tested for 0 to 10,000 ft (3050 m) | Designed and tested for 0 to 10,000 ft (3050 m) |
| Noise | 65 dBa max | 65 dBa max | 65 dBa max | 65 dBa max |
| Temperature | -40 to +158°F (-40 to +70°C) | -40 to +158°F (-40 to +70°C) | -40 to +158°F (-40 to +70°C) | -40 to +158°F (-40 to +70°C) |
| Relative humidity | 5 to 95 percent noncondensing | 5 to 95 percent noncondensing | 5 to 95 percent noncondensing | 5 to 95 percent noncondensing |
| Altitude | 0 to 30,000 ft (9144 m) | 0 to 30,000 ft (9144 m) | 0 to 30,000 ft (9144 m) | 0 to 30,000 ft (9144 m) |
| Range line voltage | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC |
| Normal line voltage | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC |
| Maximum current | 9A (100 VAC), 4.5A (200 VAC) | 9A (100 VAC), 4.5A (200 VAC) | 9A (100 VAC), 4.5A (200 VAC) | 9A (100 VAC), 4.5A (200 VAC) |
| Frequency | 50 to 60 Hz | 50 to 60 Hz | 50 to 60 Hz | 50 to 60 Hz |
| Steady state | 320W (1 SSP only); 670W (1 SSP and 1 IPS SSP) | 320W (1 SSP only); 670W (1 SSP and 1 IPS SSP) | 320W (1 SSP only); 670W (1 SSP and 1 IPS SSP) | 320W (1 SSP only); 670W (1 SSP and 1 IPS SSP) |
| Maximum peak | 370W (1 SSP only); 770W (1 SSP and 1 IPS SSP) | 370W (1 SSP only); 770W (1 SSP and 1 IPS SSP) | 370W (1 SSP only); 770W (1 SSP and 1 IPS SSP) | 370W (1 SSP only); 770W (1 SSP and 1 IPS SSP) |
| Maximum heat dissipation | 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) | 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) | 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) | 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) |
| Form factor | 2 RU, 19-in. rack-mountable | 2 RU, 19-in. rack-mountable | 2 RU, 19-in. rack-mountable | 2 RU, 19-in. rack-mountable |
| Dimensions (H x W x D) | 3.47 x 19 x 26.5 in. (8.8 x 48.3 x 67.3 cm) | 3.47 x 19 x 26.5 in. (8.8 x 48.3 x 67.3 cm) | 3.47 x 19 x 26.5 in. (8.8 x 48.3 x 67.3 cm) | 3.47 x 19 x 26.5 in. (8.8 x 48.3 x 67.3 cm) |
| Weight | 50 lb (22.7 kg) with 1 SSP and single power supply; 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies | 50 lb (22.7 kg) with 1 SSP and single power supply; 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies | 50 lb (22.7 kg) with 1 SSP and single power supply; 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies | 50 lb (22.7 kg) with 1 SSP and single power supply; 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies |
| Safety | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 |
| Electromagnetic compatibility (EMC) | 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR22 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series | 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR22 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series | 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR22 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series | 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR22 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series |

Note: Performance numbers were tested and validated with Cisco ASA Software Release 8.4.

Table 2. Characteristics of Cisco ASA 5585-X IPS Security Services Processor Modules

Feature

Cisco ASA 5585-X
IPS SSP-10

Cisco ASA 5585-X
IPS SSP-20

Cisco ASA 5585-X
IPS SSP-40

Cisco ASA 5585-X
IPS SSP-60

Cisco IPS throughput

2 Gbps

3 Gbps

5 Gbps

10 Gbps

Technical Specifications

Memory

6 GB

12 GB

24 GB

48 GB

Flash

2 GB

2 GB

2 GB

2 GB

Environmental Operating Ranges

Operating

Temperature

0 to 104°F (0 to 40°C)

Relative humidity

10 to 90 percent noncondensing

Nonoperating

Temperature

-40 to +158°F (-40 to +70°C)

Power output (from power supply)

Power consumption

400W maximum

Physical Specifications

Dimensions (H x W x D)

1.70 x 17.20 x 15.60 in. (4.32 x 43.69 x 39.62 cm)

Weight

11.5 lb (5.2 kg)

Regulatory and Standards Compliance

Safety

UL 60950-1, CAN/CSA-C22.2 No. 60950-1
EN 60950-1, IEC 60950-1, AS/NZS 60950-1
GB4943

Electromagnetic Compatibility (EMC)

47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A,
CISPR22 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A,
EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A,
EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series

Table 3. Characteristics of Cisco ASA 5585-X CX Security Services Processor 10 and 20 Hardware Blades

| Product Model | Cisco ASA 5585-X CX SSP-10 | Cisco ASA 5585-X CX SSP-20 |
| --- | --- | --- |
| Technical Specifications | | |
| Memory | 12 GB | 24 GB |
| Disk storage | 600 GB | 600 GB |
| Hot-swappable hard disk | Yes | Yes |
| RAID level and controller | RAID 1, Software | RAID 1, Software |
| Minimum flash | 8 GB | 8 GB |
| Environmental Operating Ranges | | |
| Operating temperature | 50 to 95°F (10 to 35°C) | 50 to 95°F (10 to 35°C) |
| Relative humidity | 10 to 90% (noncondensing) | 10 to 90% (noncondensing) |
| Nonoperating temperature | -40 to 158°F (-40 to 70°C) | -40 to 158°F (-40 to 70°C) |
| Relative humidity | 5 to 95% (noncondensing) | 5 to 95% (noncondensing) |
| Altitude | 0 to 30,000 ft (9144 m) | 0 to 30,000 ft (9144 m) |
| Power Consumption and Mean Time Between Failures | | |
| Maximum peak | 400W | 400W |
| Steady State | | |
| Mean time between failures (MTBF) | 109,887 hrs | 87,829 hrs |
| Physical Specifications | | |
| Dimensions (H x W x D) | 1.70 x 6.80 x 11.00 in (4.32 x 17.27 x 27.94 cm) | 1.70 x 6.80 x 11.00 in (4.32 x 17.27 x 27.94 cm) |
| Weight | 3.00 lb (1.36 kg) | 3.00 lb (1.36 kg) |
| Management Features | | |
| Management and monitoring interface | 2 Ethernet 10/100/1000 ports | 2 Ethernet 10/100/1000 ports |
| Configuration, logging, and monitoring | Basic Cisco Prime Security Manager | Basic Cisco Prime Security Manager |
| Reporting | Basic Cisco Prime Security Manager | Basic Cisco Prime Security Manager |
| Centralized configuration, logging, monitoring, and reporting | Multidevice Cisco Prime Security Manager | Multidevice Cisco Prime Security Manager |
| Regulatory and Standards Compliance | | |
| Safety | UL 60950, CSA C22.2 No. 60950, EN 60950, IEC 60950, AS/NZS 60950 | UL 60950, CSA C22.2 No. 60950, EN 60950, IEC 60950, AS/NZS 60950 |
| Electromagnetic compatibility (EMC) | CE marking, FCC Part 15 Class A, AS/NZS CISPR22 Class A, VCCI Class A, EN55022 Class A, CISPR22 Class A, EN61000-3-2, EN61000-3-3 | CE marking, FCC Part 15 Class A, AS/NZS CISPR22 Class A, VCCI Class A, EN55022 Class A, CISPR22 Class A, EN61000-3-2, EN61000-3-3 |

Cisco ASA 5585-X I/O Modules

Mission-critical data centers running Cisco ASA Software Release 8.4.4 and later can use the top slot of the Cisco ASA 5585-X to add up to two Cisco ASA 5585-X I/O modules for exceptional flexibility and security. With two Cisco ASA 5585-X I/O modules, a single Cisco ASA 5585-X can support up to twenty 10 Gigabit Ethernet ports or up to 50 1 Gigabit Ethernet ports. Using the Cisco ASA 5585-X Divider, the top slot is partitioned into two half-slots, with each I/O module occupying one half-slot. When only one I/O module is installed, a half-slot blank cover is required to cover the empty half-slot.

Table 4 describes each of the Cisco ASA 5585-X I/O modules in more detail.

Table 4. Cisco ASA 5585-X I/O Modules

| Product Description | Number of Ports: SFP/SFP+ | Number of Ports: SFP | Number of Ports: 10/100/1000BASE-T | Product Part Number |
| --- | --- | --- | --- | --- |
| Configuration Options | | | | |
| Cisco ASA 5585-X 8-port 10 Gigabit Ethernet module | 8 | - | - | ASA5585-NM-8-10GE |
| Cisco ASA 5585-X 4-port 10 Gigabit Ethernet module | 4 | - | - | ASA5585-NM-4-10GE |
| Cisco ASA 5585-X 20-port 1 Gigabit Ethernet module | - | 12 | 8 | ASA5585-NM-20-1GE |
| Cisco ASA 5585-X slot divider | - | - | - | ASA5585-SEPTUM |
| Cisco ASA 5585-X half-slot cover | - | - | - | ASA5585-BLANK-H |
| Spares | | | | |
| Cisco ASA 5585-X 8-port 10 Gigabit Ethernet module | 8 | - | - | ASA5585-NM-8-10GE= |
| Cisco ASA 5585-X 4-port 10 Gigabit Ethernet module | 4 | - | - | ASA5585-NM-4-10GE= |
| Cisco ASA 5585-X 2-port 1 Gigabit Ethernet module | - | 12 | 8 | ASA5585-NM-20-1GE= |
| Cisco ASA 5585-X slot divider | - | - | - | ASA5585-SEPTUM= |
| Cisco ASA 5585-X half-slot cover | - | - | - | ASA5585-BLANK-H= |

Table 5 lists the 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) and 1 Gigabit Ethernet SFPs that are supported.

Table 5. Supported SFP and SFP+ Modules

Product Part Number

Product Description

Supported SFP modules

GLC-SX-MMD

GLC-LH-SMD

GLC-T

GLC-ZX-SMD

GLC-EX-SMD

Cisco 1000 Base-SX SFP module, MMF, 850nm, DOM

Cisco 1000 Base-LX/LH SFP module, MMF/SMF, 1310nm, DOM

Cisco 1000 Base-T copper SFP

Cisco 1000 Base-EX SFP module, SMF, 1550nm, DOM

Cisco 1000 Base-ZX SFP module, SMF, 1310nm, DOM

Supported SFP+ modules

SFP-10G-SR

SFP-10G-LRM

SFP-10G-LR

SFP-10G-ER

SFP-H10GB-CU1M

SFP-H10GB-CU3M

SFP-H10GB-CU5M

SFP-H10GB-ACU7M

SFP-H10GB-ACU10M

10G SR SFP+ modules

10G LRM SFP+ module

10G LR SFP+ module

10G ER SFP+ module

10G BASE-CU SFP+ cable 1 meter, passive

10G BASE-CU SFP+ cable 3 meter, passive

10G BASE-CU SFP+ cable 5 meter, passive

10G BASE-CU SFP+ cable 7 meter, active

10G BASE-CU SFP+ cable 10 meter, active

Optional DC Power Supplies

Service providers and data centers that require data-center-powered equipment can purchase Cisco ASA 5585-X Data Center Power Supply modules with built-in fans. These power supplies deliver up to 1150 watts of data center power for Cisco ASA 5585-X Next-Generation Firewalls. Two data center power supplies are required for each Cisco ASA 5585-X chassis. The minimum software required is Cisco ASA Software Release 8.4.5.

Warranty Information

Find warranty information on Cisco.com at the Product Warranties page.

Ordering Information

Help customers understand all the components or parts they need to purchase in order to install and use the product.

To place an order, visit the Cisco Ordering Homepage.

Table 6 lists part numbers for customer convenience.

Table 6. Ordering Information

| Product Name | Product Part Number |
| --- | --- |
| Cisco ASA 5585-X Firewall Edition Bundles | |
| Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license | ASA5585-S10-K8 |
| Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license | ASA5585-S10-K9 |
| Cisco ASA 5585-X Security Plus Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S10X-K9 |
| Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license | ASA5585-S20-K8 |
| Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license | ASA5585-S20-K9 |
| Cisco ASA 5585-X Security Plus Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S20X-K9 |
| Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license | ASA5585-S40-K8 |
| Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license | ASA5585-S40-K9 |
| Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S40-2A-K9 |
| Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S60-2A-K8 |
| Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S60-2A-K9 |
| Cisco ASA 5585-X IPS Edition Bundles | |
| Cisco ASA 5585-X IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license | ASA5585-S10P10-K8 |
| Cisco ASA 5585-X IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license | ASA5585-S10P10-K9 |
| Cisco ASA 5585-X Security Plus IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S10P10XK9 |
| Cisco ASA 5585-X IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license | ASA5585-S20P20-K8 |
| Cisco ASA 5585-X IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license | ASA5585-S20P20-K9 |
| Cisco ASA 5585-X Security Plus IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S20P20XK9 |
| Cisco ASA 5585-X IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, DES license | ASA5585-S40P40-K8 |
| Cisco ASA 5585-X IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S40P40-K9 |
| Cisco ASA 5585-X IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S60P60-K8 |
| Cisco ASA 5585-X IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license | ASA5585-S60P60-K9 |
| Cisco ASA 5585-X SSL/IPsec VPN Edition Bundles | |
| Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-10 Bundle includes 5000 IPsec VPN peers, 5000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license | ASA5585-S10-5K-K9 |
| Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-20 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license | ASA5585S20-10K-K9 |
| Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-40 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license | ASA5585S40-10K-K9 |
| Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-60 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license | ASA5585S60-10K-K9 |
| Cisco ASA 5585-X Firewall IPS VPN Premium Bundles | |
| Cisco ASA 5585-X Integrated Edition SSP-10 IPS SSP-10 Bundle with firewall services, IPS services, 5,000 IPsec VPN peers, 5,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license | ASA5585-S10P10SK9 |
| Cisco ASA 5585-X Integrated Edition SSP-20 IPS SSP-20 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license | ASA5585-S20P20SK9 |
| Cisco ASA 5585-X Integrated Edition SSP-40 IPS SSP-40 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license | ASA5585-S40P40SK9 |
| Cisco ASA 5585-X Integrated Edition SSP-60 IPS SSP-60 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license | ASA5585-S60P60SK9 |
| Cisco ASA 5585-X Security Services Processors and IPS Security Services Processors | |
| Cisco ASA 5585-X Security Services Processor-10 (SSP-10) | ASA-SSP-10-K8= |
| Cisco ASA 5585-X Security Services Processor-20 (SSP-20) | ASA-SSP-20-K8= |
| Cisco ASA 5585-X Security Services Processor-40 (SSP-40) | ASA-SSP-40-K8= |
| Cisco ASA 5585-X Security Services Processor-60 (SSP-60) | ASA-SSP-60-K8= |
| Cisco ASA 5585-X IPS Security Services Processor-10 (SSP-10) | ASA-SSP-IPS10-K9= |
| Cisco ASA 5585-X IPS Security Services Processor-20 (SSP-20) | ASA-SSP-IPS20-K9= |
| Cisco ASA 5585-X IPS Security Services Processor-40 (SSP-40) | ASA-SSP-IPS40-K9= |
| Cisco ASA 5585-X IPS Security Services Processor-60 (SSP-60) | ASA-SSP-IPS60-K9= |
| Cisco ASA 5585-X DC Power Supplies | |
| Cisco ASA 5585 DC Power Supply (configurable option) | ASA5585-DC-PWR |
| Cisco ASA 5585 DC Power Supply (spare) | ASA5585-DC-PWR= |
| Cisco ASA 5585-X SSP60 DC Power bundle | ASA5585-S60-2D-K9 |
| Cisco ASA 5585-X SSP40 DC Power bundle | ASA5585-S40-2D-K9 |

To Download the Software

Visit the Cisco Software Center to download Cisco ASA Software.

Service and Support

Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.

Included in the "Operate" phase of the service lifecycle are Cisco Security IntelliShield® Alert Manager Service, Cisco SMARTnet®, Cisco Service Provider Base, and Cisco Services for IPS. These services are suitable for enterprise, commercial, and service provider customers.

Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

Cisco Services for IPS supports modules, platforms, and bundles of platforms and modules that feature Cisco IPS capabilities. Cisco SMARTnet and Cisco Service Provider Base support other products in this family.

For More Information

For more information, please visit the following links:

  • Cisco ASA 5500-X Series Next-Generation Firewalls: http://www.cisco.com/en/US/products/ps6120/index.html
  • Cisco ASA Next-Generation Firewall Services: http://www.cisco.com/en/US/products/ps12521/index.html
  • Cisco Cloud Web Security: http://www.cisco.com/en/US/products/ps11720/index.html
  • Cisco TrustSec Solutions: http://www.cisco.com/en/US/netsol/ns1051/index.html
  • Cisco AnyConnect Secure Mobility: http://www.cisco.com/en/US/netsol/ns1049/index.html
  • Cisco Security Manager: http://www.cisco.com/en/US/products/ps6498/index.html
  • Cisco Adaptive Security Device Manager: http://www.cisco.com/en/US/products/ps6121/index.html
  • Cisco Security Services: http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html
  • Cisco ASA 5500-X Series Next-Generation Firewall Licensing Information: http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html



[1] Maximum throughput with UDP traffic measured under ideal test conditions.
[2] “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
[3] Available for the firewall feature set.
[4] Firewall traffic that does not go through IPS SSP module can have higher throughput.
[5] Throughput was measured using Cisco ASA CX Software Release 9.1.1 with multiprotocol traffic profile with both Cisco Application Visibility Control (AVC) and Cisco Web Security Essentials (WSE). Traffic logging was enabled as well.
[6] VPN throughput and sessions count depend on the Cisco ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
[7] Separately licensed feature; includes two SSL licenses with base system.
[8] Available for the firewall feature set.