Cisco ASA 5500-X Hardware Installation Guide
Information about the ASA 5500-X
Downloads: This chapterpdf (PDF - 495.0KB) The complete bookPDF (PDF - 16.34MB) | Feedback

Table of Contents

About the ASA 5500-X

Cisco ASA 5500-X Series Chassis Overview

Internal and External USB Flash Drives

Internal USB Drive

External USB Drives (Optional)

USB Online Insertion and Removal

FAT-32 File System

Viewing Flash Memory

Solid State Drives

Management 0/0 Interface

Alarm LED

ASA 5500-X I/O Cards

SFP Modules

ASA Chassis Panels

Front Panel LEDs

Rear Panel LEDs

Rear Panel Ports

Power Supply

Hardware Specifications

About the ASA 5500-X

This chapter describes the Cisco ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X models. We recommend that you read this entire guide before beginning any of the procedures contained herein.


Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49



Caution Read the safety warnings in the Regulatory Compliance and Safety Information document for the Cisco ASA 5500-X ( http://www.cisco.com/c/en/us/td/docs/security/asa/hw/regulatory/compliance/asa5500x_rcsi.html), and follow proper safety procedures when performing any tasks in this guide.

This chapter includes the following topics:

Cisco ASA 5500-X Series Chassis Overview

The Cisco ASA 5500-X series is a family of next-generation mid-range ASAs that are built on the same security platform as the rest of the ASA family. These next-generation ASAs provide more firewall throughput (4X firewall throughput), better scaling, more Ethernet ports (up to 14 Gigabit Ethernet ports), optional ASA CX SSP, ASA IPS SSP, or FirePOWER SSP modules, and redundant power supplies on the 5545-X and 5555-X models.

For More Information

  • For information about ASA 5500-X performance, see the “Hardware Specifications” section.
  • For a complete list of the Cisco ASA 5500 series documentation sets, refer to the following URL:

http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html

  • For a complete list of Cisco ASA 5500-X series install and upgrade guides, including a list of quick-start guides for the various Security Services Processors, refer to the following URL:

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-guides-list.html

Internal and External USB Flash Drives

The Cisco ASA 5500-X series chassis has internal and (optional) external USB drives.

Internal USB Drive

An embedded USB (eUSB) device is used as the internal flash ( disk0 ). See the “Hardware Specifications” section for the size shipped with each model.

External USB Drives (Optional)

The ASA 5500-X series supports external USB flash drives for data storage. The ASA 5500-X series use disk1 as the external USB flash drive identifier. When the ASA is powered on, an inserted USB flash drive is mounted to disk1 and available for you to use. Additionally, the file system commands that are available to disk 0 are also available to disk1, including copy , format , delete , mkdir , pwd , cd , and so on. When you remove the USB flash drive, the system unmounts disk1, and disk1 becomes an invalid file system label that you can no longer access.

If you insert a USB drive with more than one partition, only the first partition is mounted.

USB Online Insertion and Removal

While the ASA back panel has two USB slots, only one is supported for online insertion and removal (OIR), with priority given to the USB drive that was inserted first. For example, based on the time sequence, the first inserted USB flash drive is mounted to disk1, regardless of the slot in which you insert it. When you insert a second USB device, an error message appears on the console to notify you that an extra, unsupported USB flash drive exists. Removing either one of the USB devices does not change the priority that you just established. To change the priority you must safely remove the USB device and begin again to establish the desired priority.

FAT-32 File System

The ASA 5500-X series supports only FAT-32-formatted file systems for the eUSB and external USB drives. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the format disk1: command to format the partition to FAT 32 and mount the partition to disk1 again; however, data might be lost.

Viewing Flash Memory

To check the amount of free flash memory on the ASA, you have two options:

  • ASDM—Choose Tools > File Management . The amount of available memory appears in the bottom left of the pane.
  • CLI—In privileged EXEC mode, enter the dir command. The amount of available memory appears at the bottom of the output.

Solid State Drives

You must install a Cisco Solid State Drive (SSD) for use with the ASA CX or FirePOWER SSP. Only Cisco SSDs are supported. You can install one SSD in the ASA 5512-X, ASA 5515-X, and ASA 5525-X. You can install two SSDs in a RAID 1 configuration in the ASA 5545-X and ASA 5555-X.


NoteWhen you install an SSD for the first time, you must reload the ASA and then re-image the installed SSP.


The SSD is hot-swappable. The SSD resides in a carrier, which you install into the drive bay. You can use the SSD with an AC or DC power supply. See Installing and Removing A Solid State Drive for An SSP for more information.

Management 0/0 Interface

You manage the ASA through the Management 0/0 interface. The Management 0/0 interface has the following characteristics:

  • No through-traffic support
  • No subinterface support
  • No priority queue support
  • No multicast MAC support
  • The FirePOWER, IPS, or CX SSP software module and the ASA share the Management 0/0 interface; however, each has its own separate MAC and IP addresses. You must configure the module IP address within the module operating system. However, you configure physical characteristics (such as enabling the interface) on the ASA.

The Management 0/0 interface is configured for management-only traffic, and you cannot disable management-only for the Management interface. Also, because the ASA 5500-X models do not allow subinterfaces on the Management interface, for per-context management, you must connect to a data interface for management.

The Management 0/0 interface is configured for ASDM access as part of the default factory configuration.

For more information, see the “Rear Panel Ports” section.

Alarm LED

The ASA 5500-X series chassis performs autonomous environmental monitoring, polling all external sensors and monitoring operating conditions. In the event of damage to certain internal components, or surpassed temperature thresholds, the system activates an alarm LED to notify you of a critical condition. For example, the alarm LED is activated by firmware in the event of various critical over-voltage and over-temperature conditions, as well as when the ASA has missing or unrecognized internal chip components. When the alarm LED lights, you can find details about the system condition from the system message that appears on the console, or by entering the show environment or show controller pci CLI commands.


NoteIf you remove one of the power-supply modules from an ASA with redundant power supplies—in other words, one with two power supplies installed—the Alarm LED will light. To turn off the light, you must power-cycle the appliance; that is, turn it completely off and then turn it back on. SeePower Supply for more information about the redundant power-supply configuration. See Removing and Installing the Power Supply for more information about removing a power supply.


ASA 5500-X I/O Cards

The Cisco ASA 5500-X Series six-port GigabitEthernet interface cards extend the I/O capabilities of the ASA 5525-X, ASA 5545-X, and ASA 5555-X models by providing additional GigabitEthernet ports.

The I/O cards provide the following benefits:

  • Segmentation of network traffic into separate security zones
  • Fiber-optic cable connectivity for communications over long distances
  • Load-sharing of traffic, and protection against link failure, using EtherChannel
  • Support for Jumbo Ethernet frames of up to 9000 bytes
  • Protection for Active/Active failover, and for full-mesh firewall deployments against cable failure

For information about installing an I/O card in your ASA, see Chapter4, “Maintenance and Upgrade Procedures for the ASA 5500-X”

SFP Modules

The ASA uses field-replaceable small form-factor pluggable (SFP) modules to establish Gigabit Ethernet connections. Table 1-1 lists the supported SFP modules.

 

Table 1-1 Supported SFP Modules

SFP Module
Type of Connection
Cisco Part Number

1000BASE-T

Copper, twisted pair (RJ-45)

GLC-T=

1000BASE-EX

Single-mode fiber (SMF)

GLC-EX-SMD=

1000BASE-ZX

SMF

GLC-ZX-SMD=

1000BASE-SX

Multi-mode fiber (MMF)

GLC-SX-MM=

1000BASE-LX/LH

MMF/SMF

GLC-LH-SM=

Use only Cisco-certified SFP modules on the ASA. Each SFP module has an internal serial EEPROM that is encoded with security information. This encoding allows Cisco to identify and validate that the SFP module meets the requirements for the ASA.

All SFP ports require cables with LC-type connectors. Minimum cable distance for all SFPs listed (both SMF and MMF) is 2 m (6.5 feet); cables must not exceed specified cable lengths for reliable communications. Table 1-2 lists the fiber-optic cable requirements.

 

Table 1-2 Cabling Requirements for Fiber-optic SFP Modules

SFP Module
Wavelength
Fiber Type
Core Size
Modal Bandwidth (MHz-km) 1
Operating Distance

1000BASE-EX
(GLC-EX-SMD=)

1310 nm

SMF

2

40 km (131,234 ft)

1000BASE-ZX
(GLC-ZX-SMD=)

1550 nm

SMF

~70 km, depending on link loss

1000BASE-SX
(GLC-MM=)

850 nm

MMF

62.5 µm

160 (FDDI grade)

220 m (722 ft)

62.5 µm

200 (OM1)

275 m (902 ft)

50 µm

400 (400/400)

500 m (1640 ft)

50 µm

500 (OM2)

550 m (1804 ft)

50 µm

2000 (OM3)

1000 m (3281 ft)

1000BASE-LX/LH
(GLC-SM=)

1310 nm

MMF3

62.5 µm

500

550 m (1804 ft)

50 µm

400

550 m (1804 ft)

50 µm

500

550 m (1804 ft)

SMF

10 km (32,821 ft)

1.Specified at transmission wavelength.

2.ITU-T G.652 SMF as specified by the IEEE 802.3z standard.

3.An IEEE-standard, mode-conditioning patch cord is required regardless of span length. Note that the mode-conditioning patch cord for 62.5-µm fiber has a different specification than the patch cord for 50-µm fiber.

ASA Chassis Panels

This section describes the front and rear ASA panels, and includes the following topics:

Front Panel LEDs

This section describes the front panel LEDs for the Cisco ASA 5500-X Serieschassis.

Figure 1-1 shows the front panel LEDs for the ASA 5512-X, ASA 5515-X, and ASA 5525-X models.

Figure 1-1 Front Panel LEDs for the Cisco ASA 5512-X, ASA 5515-X, and ASA 5525-X

 

 

 
LED
Description
1

Power button

A soft switch that turns the system on and off. Once pressed, the button stays in the “on” position:

  • On—The power symbol on the button is lit.
  • Off—The power symbol on the button is dark.

For information about the power state, see the “Power Supply Considerations” section.

2

Hard-disk release button

Releases the hard disk from the device.

3

Alarm

System operating status:

  • Off—Normal operating system function.
  • Solid amber—Critical Alarm indicating one or more of the following:

a major failure of a hardware or software component.

an over-temperature condition.

power voltage is outside of the tolerance range.

Note May appear red on some devices.

4

VPN

VPN tunnel status:

  • Solid green—VPN tunnel is established.
  • Off—No VPN tunnel established.
5

HD

Hard Disk Drive status:

  • Flashing green—Proportioned to read/write activity.
  • Solid amber—Hard-disk drive failure.
  • Off—No hard-disk drive present.
6

PS

Power supply status

7

Active

Status of the failover pair:

  • Solid green—Failover pair is operating normally.
  • Off—Failover is not operational.
8

Boot

Power-up diagnostics:

  • Flashing green—Power-up diagnostics are running, or system is booting.
  • Solid green—System has passed power-up diagnostics.
  • Off—Power-up diagnostics are not operational.

Figure 1-2 shows the front panel LEDs for the ASA 5545-X and ASA 5555-X models.

Figure 1-2 Front Panel LEDs for Cisco ASA 5545-X and ASA 5555-X

 

 

 
LED
Description
1

Power button

A soft switch that turns the system on and off. Once pressed, the button stays in the “on” position:

  • On—The power symbol on the button is lit.
  • Off—The power symbol on the button is dark.

For information about the power state, see the “Power Supply Considerations” section.

2

Hard-disk slot

Indicates the slot for hard-disk 1.

3

Hard-disk release button

Releases hard-disk 1 from the device.

4

Hard-disk release button

Releases hard-disk 0 from the device.

5

Hard-disk slot

Indicates the slot for hard-disk 0.

6

Alarm

System operating status:

  • Off—Normal operating system function.
  • Solid amber—Critical Alarm indicating one or more of the following:

a major failure of a hardware or software component.

an over-temperature condition.

power voltage is outside of the tolerance range.

Note May appear red on some devices.

7

VPN

VPN tunnel status:

  • Solid green—VPN tunnel is established.
  • Off—No VPN tunnel established.
8

HD1

Hard Disk Drive 1 status:

  • Flashing green—Proportioned to read/write activity.
  • Solid amber—Hard-disk drive failure.
  • Off—No hard-disk drive present.
9

HD0

Hard Disk Drive 0 status:

  • Flashing green—Proportioned to read/write activity.
  • Solid amber—Hard-disk drive failure.
  • Off—No hard-disk drive present.
10

PS1

Status of the optional redundant power supply.

11

PS0

Status of the primary power supply that ships with the product.

12

Active

Status of the failover pair:

  • Solid green—Failover pair is operating normally.
  • Off—Failover pair is not operational.
13

Boot

Power-up diagnostics:

  • Flashing green—Power-up diagnostics are running, or system is booting.
  • Solid green—System has passed power-up diagnostics.
  • Off—Power-up diagnostics are not operational.

Rear Panel LEDs

Figure 1-3 shows the rear panel LEDs for the ASA 5500-X series chassis.

Figure 1-3 Rear Panel LEDs for ASA 5500-X Series Chassis

 

 

LED
Description
1

Power

Power supply status:

  • Off—Power supply off.
  • Solid green—Power supply on.
2

Alarm

System operating status:

  • Off—Normal operating system function
  • Solid amber—Critical Alarm indicating one or more of the following:

a major failure of a hardware or software component.

an over-temperature condition.

power voltage is outside of the tolerance range.

Note May appear red on some devices.

3

Boot

Power-up diagnostics:

  • Flashing green—Power-up diagnostics are running, or system is booting.
  • Solid green—System has passed power-up diagnostics.
  • Off—Power-up diagnostics are not operational.
4

Active

Status of the failover pair:

  • Solid green—Failover pair is operating normally.
  • Off—Failover pair is not operational.
5

VPN

VPN tunnel status:

  • Solid green—VPN tunnel is established.
  • Off—No VPN tunnel established.
6

HD0

Hard Disk Drive 0 status:

  • Flashing green—Proportioned to read/write activity.
  • Solid amber—Hard-disk drive failure.
  • Off—No hard-disk drive present.
7

HD1

Hard Disk Drive 1 status:

  • Flashing green—Proportioned to read/write activity.
  • Solid amber—Hard-disk drive failure.
  • Off—No hard-disk drive present.

Rear Panel Ports

Figure 1-4 shows the ports for the ASA 5512-X and ASA 5515-X models.

Figure 1-4 Rear Panel Ports for the ASA 5512-X and ASA 5515-X

 

.

 
LED
Description
1

Management 0/0 interface

The GigabitEthernet interface that is restricted to management use only. Connect with an RJ-45 cable.

(See the “Management 0/0 Interface” section.)

2

Power supply

The chassis power supply.

3

RJ-45 ports

The GigabitEthernet customer data interfaces.
The top row port numbers are (from left to right) 5, 3, 1.
The bottom row port numbers are (from left to right) 4, 2, 0.

4

USB Ports

The two USB standard ports.

(See the “Internal and External USB Flash Drives” section.)

5

Console port

The console port used to directly connect a computer to the ASA.

Figure 1-5 shows the ports for the ASA 5525-X.

Figure 1-5 Rear Panel Ports for the ASA 5525-X

 

 

 
LED
Description
1

Management 0/0 interface

The GigabitEthernet interface that is restricted to management use only. Connect with an RJ-45 cable.

(See the “Management 0/0 Interface” section.)

2

Power supply

The chassis power supply.

3

RJ-45 ports

The GigabitEthernet customer data interfaces.
The top row port numbers are (from left to right) 7, 5, 3, 1.
The bottom row port numbers are (from left to right) 6, 4, 2, 0.

4

USB Ports

The two USB standard ports.

(See the “Internal and External USB Flash Drives” section.)

5

Console port

The console port used to directly connect a computer to the ASA.

Figure 1-6 shows the rear panel ports for the ASA 5545-X and ASA 5555-X.

Figure 1-6 Rear Panel Ports for the ASA 5545-X and ASA 5555-X

 

 

 
LED
Description
1

I/O slot

Slot for the optional I/O Card. If you have a fiber-optic I/O card, use SFP modules to connect (not included).

2

Thumbscrew

The screw that tightens and loosens the chassis cover.

3

Management 0/0 port

The GigabitEthernet interface that is restricted to management use only. Connect with an RJ-45 cable.

(See the “Management 0/0 Interface” section.)

4

RJ-45 ports

The GigabitEthernet customer data interfaces.
The top row port numbers are (from left to right) 7, 5, 3, 1.
The bottom row port numbers are (from left to right) 6, 4, 2, 0.

5

Power supplies

Slots for the primary power supply that ships with the device, and the optional redundant power supply.

6

USB ports

The two USB standard ports.

(See the “Internal and External USB Flash Drives” section.)

7

Console port

The console port used to directly connect a computer to the ASA.

8

Rear panel LEDs

Rear panel LEDs. (See the “Rear Panel LEDs for ASA 5500-X Series Chassis” for more information.)

Power Supply

The ASA 5512-X, ASA 5515-X, and ASA 5525-X ship with one fixed fan and one fixed power supply (AC or DC) installed. The ASA 5545-X and ASA 5555-X ship with one power supply (AC or DC) installed. You can add an additional power supply, or you can order these appliances with two power supplies installed. Having two power supplies installed provides a redundant power option. This configuration ensures that if one power supply fails, the other power supply assumes the full load until the failed power supply is replaced. To maintain air flow, an empty bay must be covered, or both bays must be populated with power supplies. If only one power supply is installed, make sure that it is installed in slot 0 (left slot) and that slot 1 (right slot) is covered with a slot cover. If only one power supply is installed, do not remove the power supply unless the appliance has been powered off. Removing the only operational power supply causes an immediate power loss.


NoteThe ASA 5545-X and ASA 5555-X can support two AC or two DC power supplies. Do not mix AC and DC power supply units in the same chassis.


The power supplies each provide 400 W of output power, and are used in a 1 + 1 redundant configuration. There is no input switch on the faceplate of the power supplies.

The Cisco ASA 5500-X series hardware operates on AC power, and supports the ability to restore the previous power state of the system in the event that AC power is lost.

The power supply is switched from Standby to ON by way of a system chassis STANDBY/ON switch. Earlier ASAs (V01) require you to turn on the power with the power switch. Newer ASAs (V02) automatically turn on when you plug in the power cable. To determine your version, do one of the following:

  • At the CLI prompt, enter the show inventory command and look for V01 or V02 in the output.
  • On the back of the chassis, look at the VID PID label for V01 or V02.

For the V01 chassis, see the following limitations:

  • The ASA requires 50 seconds from the time that AC power is applied before the power state can be updated and stored. This means that any changes to the power state within the first 50 seconds of applying AC power will not be observed if AC power is removed within that time.
  • The ASA requires 10 seconds from the time it is placed into standby mode before the power state can be updated and stored. This means any changes to the power state within the first 10 seconds of entering standby mode (including the standby mode itself) will not be observed if AC power is removed within that time.

For the V02 chassis, the above limitations to not apply.

The power supply slot numbers are on the back of the chassis to the left side of each power supply. When facing the back of the chassis, power supply slot 0 (PS0) is to the left and power supply slot 1(PS1) is to the right. By default, a single power supply is installed in slot 0.

The ASA supports the following power supplies:

  • AC power supply—Provides 400 watt output power with two DC voltage outputs: +12 V and +5 V. The AC power supply operates between 85 and 264 VAC. The AC power supply current shares on the 12 V output and is used in a dual hot-pluggable configuration. The AC power supply consumes a maximum of 471 W of input power.
  • DC power supply—Provides 400 watt output power with two DC voltage outputs: +12 V and +5.0 V. The power supply operates between –40.5 and –72 VDC. The DC power supply current shares on the 12 V output and is used in a dual hot-pluggable configuration. The DC power supply consumes a maximum of 500 W of input power.

Figure 1-7 shows both the removable AC (on the left) and DC (on the right) power supplies for the ASA 5545-X and ASA 5555-X.

Figure 1-7 AC Power Supply and DC Power Supply

 

 

1

Power supply indicator

2

DC power supply positive connection

3

DC power supply neutral connection

4

DC power supply negative connection

Table 1-3 describes the power supply indicator. The function of the indicator is the same for both the AC and DC power supplies.

 

Table 1-3 AC and DC Power Supply Indicator

Indicator Color and State
Description

Solid green

Power output is on and within the normal operating range.

Blinking green, at the rate of one blink per second

Input power that is within the normal operating range is being supplied, but the Standby switch is in the Standby position (that is, appliance is not On).

Solid amber

A power-supply critical event has occurred, and the power supply has shut down. The critical event can be temperature, voltage, current, or fan operating outside the normal operating range.

Blinking amber, at the rate of one blink per second

A power-supply warning event has occurred, but the power supply can continue to operate. The warning event can be temperature, voltage, current, or fan operating outside the normal operating range.

Off

The power supply is shut down.

Hardware Specifications

Table 1-4 contains hardware specifications for the ASA 5500-X series models.

 

Table 1-4 Hardware Specifications for the Cisco ASA 5500-X Series

ASA 5512-X
ASA 5515-X
ASA 5525-X
ASA 5545-X
ASA 5555-X
Physical Specifications

Form-factor

1RU, 19-in

1RU, 19-in

1RU, 19-in

1RU, 19-in

1RU, 19-in

Rack mountable

Yes.
Brackets included,
slide rails optional

Yes.
Brackets included,
slide rails optional

Yes.
Brackets included,
slide rails optional

Yes.
Slide rails included.

Yes.
Slide rails included.

Dimensions

1.67x16.7x15.6 in
4.24x42.9x39.5 cm

1.67x16.7x15.6 in
4.24x42.9x39.5 cm

1.67x16.7x15.6 in
4.24x42.9x39.5 cm

1.67x16.7x19.1 in
4.24x42.9x48.4 cm

1.67x16.7x19.1 in
4.24x42.9x48.4 cm

Weight—single power supply

13.39 lb.

13.39 lb.

14.92 lb.

16.82 lb.

16.82 lb.

Weight—dual power supply

N/A

N/A

N/A

18.86 lb.

18.86 lb.

Technical Specifications

DRAM Memory

4 GB

8 GB

8 GB

12 GB

16 GB

Internal Flash

4 GB

8 GB

8 GB

8 GB

8 GB

Power Supply Information

Power supply

400 W

400W

400W

450W

450W

Redundant power supply available

No

No

No

Yes

Yes

Operating Conditions

Temperature

-5°C to 40°C
(23°F to 104°F)

-5°C to 40°C
(23°F to 104°F)

-5°C to 40°C
(23°F to 104°F)

-5°C to 40°C
(23°F to 104°F)

-5°C to 40°C
(23°F to 104°F)

Relative humidity

90%

90%

90%

90%

90%

Altitude

10,000 ft.

10,000 ft.

10,000 ft.

10,000 ft.

10,000 ft.

Non-Operating Conditions

Temperature

-25°C to 70°C
(-13°F to 158°F)

-25°C to 70°C
(-13°F to 158°F)

-25°C to 70°C
(-13°F to 158°F)

-25°C to 70°C
(-13°F to 158°F)

-25°C to 70°C
(-13°F to 158°F)

Relative humidity

10% to 90%

10% to 90%

10% to 90%

10% to 90%

10% to 90%

Altitude

15,000 ft.

15,000 ft.

15,000 ft.

15,000 ft.

15,000 ft.

For additional specifications on the ASA 5512-X and ASA 5515-X models, see the product data sheet at the following URL:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701253.html

For additional specifications on the ASA 5525-X ASA 5545-X and ASA 5555-X models, see the product data sheet at the following URL:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html