Downloads |
Table Of Contents
ASA 5500 and Module Compatibility
ASA Services Module and Catalyst 6500 Compatibility
Identity Firewall Active Directory PC Requirements
DRAM, Flash Memory, and Failover
PIX 500 and ASDM Compatibility
Cisco ASA Compatibility
May 21, 2012
This document lists the Cisco ASA software and hardware compatibilityand requirements. This document also lists the older PIX 500 series compatibility.
This document includes the following sections:
•
ASA 5500 and Module Compatibility
•
•
•
ASA and ASDM Compatibility
Table 1 shows the ASA software and ASDM compatibility for each ASA model.
ASA 5500 and Module Compatibility
Table 2 shows the modules supported on each ASA model. To see the ASDM versions supported for each ASA version on your model, see the "ASA and ASDM Compatibility" section.
Table 2 ASA Module Compatibility
ASA 5505
Advanced Inspection and Prevention (AIP) SSC-5
6.22
ASA 8.2(1) and later
ASA 5510
AIP SSM-10
5.03
ASA 7.0(1) and later
ASA 7.0(1) and later
6.0
ASA 7.2(1) and later
6.1
ASA 8.0(2) and later
6.2
ASA 8.0(2) and later
7.0
ASA 8.0(2) and later
Content Security and Control (CSC) SSM-10 and -20
6.0
ASA 7.1(1)
6.1
ASA 7.1(1) and later
6.2
ASA 7.1(1) and later
6.35
ASA 7.1(1) and later
6.6
ASA 8.4(2) and later
4GE SSM
N/A
ASA 7.0(4) and later
ASA 5520
AIP SSM-10 and -20
5.03
ASA 7.0(1) and later
ASA 7.0(1) and later
6.0
ASA 7.2(1) and later
6.1
ASA 8.0(2) and later
6.2
ASA 8.0(2) and later
7.0
ASA 8.0(2) and later
CSC SSM-10 and -20
6.0
ASA 7.1(1)
6.1
ASA 7.1(2) and later
6.2
ASA 7.2(1) and later
6.35
ASA 7.2(1) and later
6.6
ASA 8.4(2) and later
4GE SSM
N/A
ASA 7.0(4) and later
ASA 5540
AIP SSM-20
5.03
ASA 7.0(1) and later
ASA 7.0(1) and later
6.0
ASA 7.2(1) and later
6.1
ASA 8.0(2) and later
6.2
ASA 8.0(2) and later
7.0
ASA 8.0(2) and later
AIP SSM-40
6.0(4) and later
ASA 8.0(4) and later
6.1
ASA 8.0(4) and later
6.2
ASA 8.0(4) and later
7.0
ASA 8.0(4) and later
CSC SSM-10 and -20
6.0
ASA 7.1(1)
6.1
ASA 7.1(2) and later
6.2
ASA 7.2(1) and later
6.35
ASA 7.2(1) and later
6.6
ASA 8.4(2) and later
4GE SSM
N/A
ASA 7.0(4) and later
ASA 5550
No support (the 4GE SSM is built-in and not user-removable)
N/A
N/A
ASA 5580
No support
N/A
N/A
ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X
IPS SSP software module
7.1(3)
ASA 8.6(1)
ASA 5585-X6
SSP-20 and -60, single SSP
(See ASA OS)
ASA 8.2(3) and later; 8.4(1) and later.
SSP-10 and -40, single SSP
(See ASA OS)
ASA 8.2(4) and later; 8.4(1) and later.
IPS SSP-10, -20, -40, and -60, with matching-level SSP
7.1
ASA 8.2(5)7 and later; 8.4(2) and later.
Dual SSPs for SSP-40 and SSP-60, matching-level
(See ASA OS)
ASA 8.4(2) and later
1 ASA Version 8.1 is supported only on the ASA 5580, which does not support modules.
2 IPS 7.0 is not supported on the AIP SSC.
3 ASDM 5.2 and later lets you launch IDM from ASDM to manage IPS release 5.0 and 5.1. For natively-integrated management, use IPS 6.0 and later.
4 IPS 5.1(4) is the minimum version that supports signature updates.
5 ASDM 5.2 and above lets you launch Trend Micro Content Security from ASDM to manage CSC 6.0, 6.1, and 6.2. For natively-integrated management, use CSC 6.3 and above with ASDM 6.2(3) and above.
6 The 5585-X is supported in 8.2 and 8.4; it is not supported in 8.3.
7 IPS SSP support was added in interim release 8.2(4.4); however, this table does not list interim releases when there is a recommended maintenance release that you should use instead.
ASA Services Module and Catalyst 6500 Compatibility
Table 3 shows the switch hardware and software compatibility.
Table 3 Support for the ASASM
8.5(1) and later
Catalyst 6500-E
720-10GE with MSFC3 PFC3C (VS-S720-10G-3C)
12.2(33)SXJ21 and later
720-10GE with MSFC3 PFC3CXL (VS-S720-10G-3CXL)
720 with MSFC3 PFC3B (WS-SUP720-3B)
720 with MSFC3 PFC3BXL (WS-SUP720-3BXL)
8.5(1.7) and later
Catalyst 6500-E
2T with MSFC5 PFC4 (VS-S2T-10G)
15.0(1)SY1 and later
2T with MSFC5 PFC4XL (VS-S2T-10G-XL)
1 Originally-support ed IOS Version 12.2(33)SXJ1 has a caveat (CSCts88817) that can cause the ASASM to reload under certain circumstances. Therefore, we recommend using 12.2(33)SXJ2 or later.
Identity Firewall Active Directory PC Requirements
The Identity Firewall integrates with Windows Active Directory in conjunction with an external Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses Windows Active Directory as the source to retrieve the current user identity information for specific IP addresses.
You can install the Active Directory Agent on a separate server or on the server where the Active Directory Domain Controller is installed.
Table 4 lists the minimum hardware requirements for the AD agent and the Active Directory Server Domain Controller.
ASA Memory Information
The ASA includes DRAM and internal flash memory. On some models, you can optionally use an external flash memory as well. This section includes the following topics:
•
Memory Requirements
Table 5 lists the standard and recommended flash memory and DRAM. Note that the shipping DRAM increased after February 2010; the DRAM requirements for 8.3 and higher match the newer default shipping sizes. See the "Memory Upgrade Kits" section to order an upgrade kit.
Note
Note
Table 5 Standard Memory and Memory Requirements for the Cisco ASA Series
5505
128 MB
256 MB
512 MB3
5510
256 MB
256 MB
1 GB
5520
256 MB
512 MB
2 GB
5540
256 MB
1 GB
2 GB
5550
256 MB
4 GB
4GB
5512-X
4 GB
N/A
4 GB
5515-X
8 GB
N/A
8 GB
5525-X
8 GB
N/A
8 GB
5545-X
8 GB
N/A
12 GB
5555-X
8 GB
N/A
16 GB
5580-20
1 GB
8 GB
8GB
5580-40
1 GB
12 GB
12 GB
5585-X with SSP-10
2 GB
N/A
6 GB
5585-X with SSP-20
2 GB
N/A
12 GB
5585-X with SSP-40
2 GB
N/A
12 GB
5585-X with SSP-60
2 GB
N/A
24 GB
ASASM
8 GB
N/A
24 GB
1 For the ASA 5510 through 5550, you might need to upgrade the internal flash memory to 512 MB or add external flash memory if you load multiple images of the AnyConnect client along with one or more images of the ASA software, ASDM, client/server plugins, or Cisco Secure Desktop. In particular, you might need to upgrade for multiple AnyConnect 3.0 and higher clients with optional modules. The ASA 5505 does not have a flash memory upgrade available.
2 The default internal flash memory for some models was 64 MB in the past; if you have one of these early units, we recommend upgrading your flash memory to at least the new shipping default.
3 For the ASA 5505, only the Unlimited Hosts license and the Security Plus license with failover enabled require 512 MB; other licenses can use 256 MB.
Memory Upgrade Kits
Table 6 lists the DRAM upgrade kits.
Table 6 DRAM Upgrade Kits
ASA 5505
512 MB
ASA5505-MEM-512=
ASA 55101
1 GB
ASA5510-MEM-1GB=
ASA 5520
2 GB
ASA5520-MEM-2GB=
ASA 5540
2 GB
ASA5540-MEM-2GB=
1 If you previously purchased the 512 MB upgrade kit for the ASA 5510 (ASA5510-MEM-512=), you must upgrade to the 1 GB memory upgrade kit to run Version 8.3.
Table 7 lists the CompactFlash upgrade kits available for the ASA 5510 through ASA 5550, for use as internal or external flash memory.
Table 7 CompactFlash Upgrade Kits
ASA 5510 through ASA 5550
256 MB
ASA5500-CF-256MB=
ASA 5510 through ASA 5550
512 MB
ASA5500-CF-512MB=
Viewing Flash Memory
You can check the size of internal flash and the amount of free flash memory on the ASA by doing the following:
•
•
For example:
hostname # dirDirectory of disk0:/43 -rwx 14358528 08:46:02 Feb 19 2007 cdisk.bin136 -rwx 12456368 10:25:08 Feb 20 2007 asdmfile58 -rwx 6342320 08:44:54 Feb 19 2007 asdm-600110.bin61 -rwx 416354 11:50:58 Feb 07 2007 sslclient-win-1.1.3.173.pkg62 -rwx 23689 08:48:04 Jan 30 2007 asa1_backup.cfg66 -rwx 425 11:45:52 Dec 05 2006 anyconnect70 -rwx 774 05:57:48 Nov 22 2006 cvcprofile.xml71 -rwx 338 15:48:40 Nov 29 2006 tmpAsdmCustomization43040652672 -rwx 32 09:35:40 Dec 08 2006 LOCAL-CA-SERVER.ser73 -rwx 2205678 07:19:22 Jan 05 2007 vpn-win32-Release-2.0.0156-k9.pkg74 -rwx 3380111 11:39:36 Feb 12 2007 securedesktop_asa_3_2_0_56.pkg62881792 bytes total (3854336 bytes free)hostname #
DRAM, Flash Memory, and Failover
In a failover configuration, the two units must have the same amount of DRAM. You do not have to have the same amount of flash memory. For more information, see the failover chapters in the configuration guide.
Note
PIX 500 and ASDM Compatibility
Table 2 shows the software compatibility for each PIX 500 model.
Table 8 PIX Compatibility
501, 506E
PIX 6.3
PDM 3.0
515/515E, 525, 535
PIX 6.3
PDM 3.0
PIX 7.0
ASDM 5.0. Recommended: 5.0(8).
PIX 7.1
ASDM 5.1. Recommended: 5.1(2).
PIX 7.2
ASDM 5.2. Recommended: 5.2(4).
PIX 8.0(2)
ASDM 6.0(2) and later. Recommended: 6.1(5).
PIX 8.0(3)
ASDM 6.0(3) and later. Recommended: 6.1(5).
PIX 8.0(4)
ASDM 6.1(3)1 and later. Recommended: 6.1(5).
1 8.0(4) and ASDM 6.1(5) are the final versions supported on the PIX security appliance.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Copyright © 2008-2012 Cisco Systems, Inc. All rights reserved.
