General Description
The Cisco ISA 3000 is a DIN Rail mounted ruggedized industrial security appliance that provides firewall, threat defense, and VPN services. The term DIN Rail describes a metal rail of a standard type widely used for mounting circuit breakers and industrial control equipment inside equipment racks. The term derives from the original specifications published by Deutsches Institut für Normung (DIN) in Germany. The device can run either the ASA or Firepower Threat Defense operating system.
The Cisco ISA 3000 is low-power, fan-less, with Gigabit Ethernet and a dedicated management port. There are two SKUs:
-
ISA3000-4C-K9 — Copper SKU with 4x10/100/1000Base-T with a management port.
-
ISA3000-2C2F-K9 — Fiber SKU with 2x1GbE SFP and 2x10/100/1000Base-T with a management port.
The following figures show the front panel details of the two SKUs
The following figure describes the front panel features:
PIN |
Description |
PIN |
Description |
---|---|---|---|
1 |
Reset Pinhole Access |
10 |
RJ45 10/100/100 BaseT Connectors 1&2 |
2 |
Console LED |
11 |
On the ISA-3000-2C2F SKU, these are the SFP sockets. On the ISA-3000-4C SKU, these are RJ45 10/100/100 BaseT Connectors 3&4 |
3 |
System LED |
12 |
1GB removable SD flash memory card slot |
4 |
Console connector (RJ-45) |
13 |
Alarm Connectors |
5 |
Console connector (mini-USB) |
14 |
Grounding Point |
6 |
USB connectors |
15 |
Alarm LEDs |
7 |
Management Interface |
16 |
DC Power LEDs |
8 |
DC power connection A |
17 |
Gigabit Ethernet LEDs |
9 |
DC power connection B |
18 |
Management LED |
ISA 3000 Shutdown
There is a new graceful shutdown option supported for Firepower Threat Defense as of 7.0.2/7.2. There is also an LED change new for 7.0.5/7.3. Use shutdown when you intend to remove the device from the network, for example to replace it, or for any scheduled maintenance.
There is no change to procedures with ASA.
Note |
It is recommended to wait for10 seconds after the System LED is switched OFF to unplug the power from the device. |
After shutting down the device, you can turn it back on only by Power cycling the device. There is no hardware On/Off switch for the device on the chassis. Power up the device to restart the device again.
LEDs
The following table describes the LEDs for the Cisco ISA 3000.
LED |
Activity |
Description |
---|---|---|
System |
Power Status |
Off — No power Green Steady on — Normal operation Green Flashing — Boot up phase Red Flashing — BIOS and POST Red — System is not functioning properly. |
MGMT |
Management Port Status |
Off — No link (default) Green Steady on — Port link with no activity Green Flashing — Transmitting and Receiving data |
DC_A DC_B |
DC Power Status |
Off — Power is not present Green Steady on — Power is present on the associated circuit. (Hardware controlled) Red Steady on — Power is not present on the associated circuit, and the system is configured for dual-input power |
Alarm Out |
Alarm monitoring |
Off — Alarm Out not configured or the system is off (Default) Green Steady on — Alarm Out is configured, no alarm detected. Red Steady on — Minor alarm detected Red Flashing — Major alarm detected |
Alarm In 1&2 |
Alarm monitoring |
Off — Alarm In not configured or the system is off (Default) Green Steady on — Alarm In is configured, no alarm detected. Red Steady on — Minor alarm detected Red Flashing — Major alarm detected |
Ethernet Ports |
Link Status |
Off — No link Green Steady on — Link is up Green Flashing — Transmitting and Receiving data Amber — Fault, check log Port 1&2 and in the copper SKU, 3&4 LEDs fast blink amber together — Those two ports are in bypass mode. |
Console |
Console connection Status |
Off — RJ-45 is being used for console Green — Mini USB is being used for console |
Memory and Storage
The Cisco ISA 3000 has the following:
-
8-GB DRAM (soldered down).
-
16-GB onboard flash memory
-
64-GB mSATA solid state drive (SSD)
-
1-GB removable SD flash memory card - industrial temp
USB Ports
The Cisco ISA 3000 has two externally accessible Type-A USB (4-pin) connectors. Each USB port will support output powering of 5 volts and up to a maximum of 500 mA.
Management Ethernet Port
A management-only 10/100/1000 BaseT Ethernet port is provided. This port will be the only port able to be used for booting over the network, or for initial setup and management of the system. This port is Management 1/1 in the configuration.
Console Port
The Cisco ISA 3000 can be configured through a web interface, or through the console port. The console port is either a RJ45 or a Mini USB connector. A standard management cable (Part number 72-3383-01) can be used to convert the RJ45 to DB9 connector.
The default configuration settings for the RJ45 console port are:
-
9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.
-
If the USB Console Port is active (cable inserted and remote PC drivers are enabled) by default the console will switch from RJ45 to USB when the USB cable is detected. If both ports are connected, the Mini USB console port is used.
If your laptop or PC warns you that you do not have the proper drivers to communicate with the device, you can obtain them from your computers manufacturer, or go here:
https://software.cisco.com/download/home/282774227/type/282855122/release/3.1
The following table shows the pin-outs for the CON/AUX RJ-45 connector:
Pin |
Signal |
Direction |
---|---|---|
1 |
DTR |
Output |
2 |
3.3 |
Output |
3 |
TXD |
Output |
4 |
GND |
- |
5 |
GND |
- |
6 |
RXD |
Input |
7 |
- |
NC |
8 |
- |
NC |
Note |
The console port will not support a remote dial-in modem. |