Delivering Safe, Secure, and Flexible Remote Access to Any Location
Today's remote-access VPN deployments require the ability to safely and easily extend corporate network access beyond managed desktops to different users devices, while protecting these endpoints and key corporate resources from ever-evolving threats.
Secure Remote Access, powered by the Cisco
® ASA 5500 Series SSL/IPsec VPN Edition enables organizations to securely and seamlessly provide resources access to a broad array of users, contractors, and business partners on the largest variety of mobile and fixed endpoints.
Supporting a wide range of deployment and application environments, the ASA 5500 Series delivers maximum value to your organization with the most comprehensive set of Secure Socket Layer (SSL) and IP security (IPsec) VPN features, performance, and scalability in the industry. The solution, comprised of a single unified platform: the ASA 5500 series and the AnyConnect Secure Mobility Client, enables organizations to use a powerful combination of seamless controlled access and market-proven, best-of-breed firewall, intrusion prevention inspection and web threat prevention that enables mobile workers to be productive while protecting corporate interests. With inclusive support for unrestricted full-network access, as well as controlled access to select web-based applications and network resources, the platform provides the flexibility required by any VPN deployment (Figure 1).
Industry-Leading Secure Mobility Technology for Your Organization
The ASA 5500 series VPN Edition offers the growing list of AnyConnect industry-leading Secure Mobility features and the simplicity and ubiquity of clientless secure access. The ASA - AnyConnect Secure Mobility solution is easy to deploy and simple to use. Its client and clientless options respond securely and dynamically to today's wide array of fixed and mobile endpoint requirements by offering granular access controls and robust endpoint security. As a result, it maintains the integrity of confidential information to solve the unique challenges associated with diverse user groups and endpoints accessing the enterprise network. The AnyConnect Secure Mobility solution also offers integrated web security protection via the AnyConnect client. By seamlessly redirecting select traffic to either an on-premise appliance, or to a cloud-based service for off-VPN web traffic protection, the AnyConnect client provides consistent policy and security without having to backhaul public Internet-bound traffic.
Figure 1. Customizable SSL VPN and IPsec Services for Any Deployment Scenario
Cisco ASA 5500 Series-Secure Remote Access: Profile and Benefits
Deployment flexibility: Extends the appropriate remote-access VPN technology, either clientless or full network (SSL/TLS, DTLS, IPsec IKEv1 or IKEv2) access, on a per-session basis, depending on the user group or endpoint accessing the network, its security posture, and administration's policies.
Comprehensive network access: Broad application and network resource access is provided through Cisco's AnyConnect Secure Mobility client, an automatically downloadable network-tunneling client that enables access to virtually any corporate application or resource.
Ubiquitous clientless access: Delivers secure remote access to authenticated users on both managed and unmanaged endpoints, enabling increased productivity by providing "anytime access" to the network.
Granular control: Empowers network and IT management to provide and monitor controlled access to corporate resources and applications.
Seamless connectivity: The Cisco AnyConnect Secure Mobility client automatically connects or disconnects a user session based on the user's location and network availability, providing a transparent secure connectivity experience to the roaming worker, who in turns gains in productivity and flexibility.
Optimized performance: The Cisco AnyConnect Secure Mobility client provides an optimized VPN connection for latency-sensitive traffic, such as voice over IP (VoIP) traffic or TCP-based application access. AnyConnect can automatically determine and establish connectivity to the most optimal network access point.
Consistent security: Enables high scale secure mobility protection by extending location-aware security policies to every transaction when using AnyConnect Secure Mobility with integrated web security. The user's location and the nature of the corporate resources accessed (for instance, an enterprise/"in-house" application versus a SaaS application) define the level of Acceptable Use Policies, malware protection and Data Security policies. AnyConnect is optimized for use with the Cisco IronPort® Web Security Appliance and the Cisco ScanSafe cloud-based Web Security service. Both deployment options provide Cisco's industry leading usage policy enforcement and protection of enterprise resources from both known and zero-day malware.
Unparalleled management flexibility: Simplifies the complexity of managing diverse remote-access connectivity requirements common in today's enterprise.
Low total cost of ownership: Reduces expensive help-desk calls associated with network connectivity issues and eliminates the administration costs of managing client software on every endpoint.
Combined Technologies for Enhanced Capabilities: SSL and IPsec VPN in One Platform
In addition to the SSL VPN features, users can also take advantage of Cisco's award-winning IPsec VPN technology. By offering converged, state of the art SSL and IPsec (IKEv1 and IKEv2) VPN technologies on a single platform, the ASA 5500 Series delivers a highly customizable, simple, flexible one-box solution for diverse VPN deployment environments, eliminating the cost of deploying parallel remote-access solutions.
Cisco ASA 5500 Product Family
The Cisco ASA 5500 Series delivers site-specific scalability from the smallest business and small office/home office (SOHO) deployments to the largest enterprise networks with its 11 models, shown in Figure 2. Each model is built with concurrent services scalability, investment protection, and future technology extensibility as its foundation. Table 1 lists the specifications of the Cisco ASA 5500 Series models.
Figure 2. Cisco ASA 5500 Series Products
Table 1. Specifications of Cisco ASA 5500 Series Adaptive Security Appliance Models
1Devices include a license for two Premium VPN users for evaluation and remote management purposes. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. The SSL/IPsec IKEv2 VPN session number (clientless or AnyConnect client) may also not exceed the number of licensed sessions on the device. The ASA 5580 supports greater simultaneous users than the ASA 5550 at comparable overall SSL VPN throughput to the ASA 5550. VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning.
2Upgrade is available with Cisco ASA 5510 Security Plus license.
Tables 2 through 6 provide a subset of ordering information for Cisco AnyConnect Premium SSL VPN Edition bundles and licenses, as well as for Cisco AnyConnect Essentials licenses. For additional licensing details, please see the
Cisco Secure Remote Access: VPN Licensing Overview. Premium licenses may be purchased for either single devices or for a shared environment.
All Cisco ASA 5500 Series appliances include the maximum number of IPsec (IKEv1) concurrent users in the base configuration of the chassis.
The use of the AnyConnect client can be enabled through the purchase of an Essential VPN license, which enables the basic AnyConnect features, including IPsec IKEv2 and SSL VPN access.
Every Cisco ASA 5500 Series model can support clientless VPN, the advanced AnyConnect features, and the Cisco Secure Desktop (CSD) features through the purchase of a Premium VPN license. Premium VPN on the Cisco ASA 5500 Series may be purchased under a single part number as an edition bundle, or the chassis and SSL VPN feature license may be purchased separately, as indicated in Table 3. Premium licenses can be applied to an individual ASA (single-device license), or to an ASA acting as a shared license server.
Most licenses are available for electronic delivery, which significantly speeds up license fulfillment time. To order a license electronically, be sure to choose to order part number(s) that begin with "L."
Cisco and its partners provide services that can help you deploy and manage security solutions. Cisco has adopted a lifecycle approach to services that addresses the necessary set of requirements for deploying and operating Cisco adaptive security appliances, as well as other Cisco security technologies. This approach can help you improve your network security posture to achieve a more available and reliable network, prepare for new applications, lower your network costs, and maintain network health through day-to-day operations. For more information about Cisco Security Services, visit
For More Information
For more information, please visit the following links: