Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module and Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Card

Downloads

The Cisco® Advanced Inspection and Prevention Security Services Module (AIP SSM) and the Cisco® Advanced Inspection and Prevention Security Services Card (AIP SSC) for the Cisco ASA 5500 Series Adaptive Security Appliance provide proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network.

Security Services Module

Providing unparalleled protection for an organization's critical information assets, the Cisco ASA 5500 Series Adaptive Security Appliance provides best-in-class firewall and VPN capabilities in a single, easy-to-deploy platform. When combined with the advanced inspection capabilities of the AIP SSM or AIP SSC, the Cisco ASA 5500 Series Adaptive Security Appliance provides integrated, converged protection of an organization's servers and infrastructure without compromising the ability to use the network as a business tool.

AIP-SSM Intrusion Prevention Services

Cisco AIP SSM and AIP SSC combine inline prevention services with innovative technologies to improve accuracy. The result is total confidence in the protection offered by your intrusion prevention system (IPS) solution, without the fear of legitimate traffic being dropped. When deployed within Cisco ASA 5500 Series appliances, the AIP SSM and AIP SSC offer comprehensive protection of your IPv6 and IPv4 networks by collaborating with other network security resources, providing a proactive approach to protecting your network.
The Cisco AIP SSM and AIP SSC help users stop threats with greater confidence through the use of:

Complete IPS capabilities: The Cisco AIP SSM delivers the complete IPS capabilities available on Cisco IPS 4200 Series Sensors. The Cisco AIP SSM can be deployed inline of the traffic path, or in promiscuous mode, whereby a copy of the traffic is sent to the Cisco AIP SSM for inspection.

Global Correlation: The Cisco AIP SSM provides organizations with unprecedented accuracy, visibility, and response time in addressing security threats. Global Correlation for IPS provides real-time updates on the global threat environment beyond the perimeter by adding reputation analysis, reducing the window of threat exposure, and providing continuous feedback. With these new capabilities, Cisco AIP SSM can detect more threats, detect them earlier and more accurately, and protect critical assets from malicious attacks. Global Correlation is not available on AIP SSC.

Comprehensive and timely attack protection: The Cisco AIP SSM and AIP SSC provide proven protection against tens of thousands of known exploits and millions more potential unknown exploit variants. This protection is delivered using specialized IPS detection engines and thousands of signatures. Cisco Services for IPS provides signature updates by a global intelligence team working 24 hours a day to help ensure that you are protected against the latest threats.

Day-zero attack protection: The Cisco AIP SSM provides powerful protection against day-zero attacks with Cisco anomaly detection. It learns the normal behavior on your network and alerts you when it sees anomalous activities in your network. Cisco anomaly protection helps protect you against new threats before signatures are available. Anomaly detection is not available on AIP SSC.

Wireless protection: The Cisco ASA SSM and AIP SSC are tightly integrated with the Cisco Wireless LAN Controller to help ensure that intruders do not enter your wireless network. The Cisco Wireless LAN Controller blocks intruders based on real-time threat intelligence from the Cisco ASA AIP SSM and AIP SSC.

When combined, these elements provide a comprehensive intrusion prevention solution, giving you the confidence to detect and stop the broadest range of malicious traffic before your business continuity is affected.

Table 1. Cisco ASA AIP SSC-5, Cisco ASA AIP SSM-10, Cisco ASA AIP SSM-20, Cisco ASA AIP SSM-40

Feature

Cisco ASA AIP SSC-5

Cisco ASA AIP SSM-10

Cisco ASA AIP SSM-20

Cisco ASA AIP SSM 40
 
AIP 5 PR.jpg
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/images/0900aecd80590bf3_null_null_null_02_08_06-1.jpg
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/images/0900aecd80590bf3_null_null_null_02_08_06-2.jpg

Concurrent Threat Mitigation Throughput (Firewall and IPS Services)
• 75 Mbps with Cisco ASA 5505
• 150 Mbps with Cisco ASA 5510
• 225 Mbps with Cisco ASA 5520
• 375 Mbps with Cisco ASA 5520
• 500 Mbps with Cisco ASA 5540
• 450 Mbps with Cisco ASA 5520
• 650 Mbps with Cisco ASA 5540

Technical Specifications

Memory

512 MB

1 GB

2 GB

4 GB

Flash

512 MB

256 MB

256 MB

2 GB

Environmental Operating Ranges

Operating

Temperature

32 to 104ºF (0 to 40ºC)

Relative Humidity

5 to 95 percent noncondensing

Nonoperating

Temperature

-13 to 158ºF (-25 to 70ºC)

Power Consumption

90W maximum

Physical Specifications

Dimensions (H x W x D)

0.68 x 3.55 x 5,2 in (1.73 x 9.02 x 13.21 cm)

1.70 x 6.80 x 11.00 in. (4.32 x 17.27 x 27.94 cm)

Weight (with Power Supply)

0.42 lb (0.19 kg)

3.00 lb (1.36 kg)

2.58 lb (1.17 kg)

Regulatory and Standards Compliance

Safety

UL 1950, CSA C22.2 No. 950, EN 60950 IEC 60950, AS/NZS3260, TS001

Electromagnetic Compatibility (EMC)

CE marking, FCC Part 15 Class A, AS/NZS 3548 Class A, VCCI Class A, EN55022 Class A, CISPR22 Class A, EN61000-3-2, EN61000-3-3

Ordering Information

To place an order, visit the Cisco Ordering Home Page. See Table 2 for ordering information.

Table 2. Ordering Information

Product Name

Part Number

Cisco ASA 5505 Series Adaptive Security Appliances

Cisco ASA 5505 50-User Adaptive Security Appliance with AIP-SSC-5 (chassis, software, 8 Fast Ethernet interfaces,10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license)

ASA5505-50-AIP5-K9

Cisco ASA 5505 Unlimited-User Adaptive Security Appliance with Security Plus License and AIP-SSC-5 (chassis, software, 8 Fast Ethernet interfaces, 25 IPsec VPN peers, 2 SSL VPN peers, DMZ support, stateless Active/Standby high availability, 3DES/AES license

ASA5505-U-AIP5P-K9

Cisco ASA 5510 Series Adaptive Security Appliances

Cisco ASA 5510 Adaptive Security Appliance with SSM-AIP-10 (chassis, software, 50 VPN peers, 4 Fast Ethernet interfaces, Triple Data Encryption Standard/Advanced Encryption Standard [3DES/AES])

ASA5510-AIP10-K9

Cisco ASA 5510 Adaptive Security Appliance with Security Plus License and AIP-SSM-10 (chassis, software, 2 Gigabit Ethernet interfaces, 3 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Active high availability, 3DES/AES)

ASA5510-AIP10SP-K9

Cisco ASA 5510 Adaptive Security Appliance withSecurity Plus License and AIP-SSM-20 (chassis, software, 2 Gigabit Ethernet interfaces, 3 Fast Ethernet interfaces, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Active high availability, 3DES/AES)

ASA5510-AIP20SP-K9

Cisco ASA 5520 Series Adaptive Security Appliances

Cisco ASA 5520 Adaptive Security Appliance with AIP-SSM-10 (chassis, software, 300 IPSec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, 3DES/AES)

ASA5520-AIP10-K9

Cisco ASA 5520 Adaptive Security Appliance with AIP-SSM-20 (chassis, software, 300 IPSec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, 3DES/AES)

ASA5520-AIP20-K9

Cisco ASA 5520 Adaptive Security Appliance with AIP-SSM-40 (chassis, software, 300 IPSec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, 3DES/AES)

ASA5520-AIP40-K9

Cisco ASA 5540 Series Adaptive Security Appliances

Cisco ASA 5540 Adaptive Security Appliance with AIP-SSM-20 (chassis, software, 500 IPSec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, 3DES/AES)

ASA5540-AIP20-K9

Cisco ASA 5540 Adaptive Security Appliance with AIP-SSM-40 (chassis, software, 500 IPSec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, 3DES/AES)

ASA5540-AIP40-K9

Security Services Modules and Cards

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Card 5 (AIP-SSC-5)

ASA-SSC-AIP-5-K9=

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 10 (AIP-SSM-10)

ASA-SSM-AIP-10-K9=

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 20 (AIP-SSM-20)

ASA-SSM-AIP-20-K9=

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module 40 (AIP-SSM-40)

ASA-SSM-AIP-40-K9=

Service and Support

Cisco takes a lifecycle approach to services, and with its partners, provides a broad portfolio of Security Services so enterprises can design, implement, operate and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to http://www.cisco.com/go/services/security.
The following Cisco Security Services support and compliment the SSM-AIP modules and the ASA 5500 series Adaptive Security Appliances:

Cisco Services for IPS

Cisco Services for IPS helps protect your business against security vulnerabilities by providing hardware and software support, operating system and application updates, access to Cisco security engineering specialists, and timely alerts about late-breaking viruses, worms, and other threats
Cisco Services for IPS features:

• Signature file updates and alerts

• Registered access to Cisco.com for online tools and technical assistance

• Access to Cisco Technical Assistance Center (TAC)

• Cisco IPS Sensor Software updates

• Options for Advance replacement of failed hardware

Cisco Security Center

The Cisco Security Center provides one-stop shopping for early-warning threat intelligence threat and vulnerability analysis, Cisco IPS Signatures and mitigation techniques. Visit and bookmark the Cisco Security Center at: http://www.cisco.com/security

Cisco Security Intellishield Alert Manager

Cisco Security Intellishield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate and credible information about potential vulnerabilities in their environment.

Cisco Security Optimization Service

Cisco Security Optimization Service-increasingly the network infrastructure is the foundation of the agile and adaptive business. The Cisco Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats, through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes and helps integrate security into the core network infrastructure.

Table 3. Ordering Information for Advance Hardware Replacement Options

Appliance/Module Part Number

Service Option Part Number

Service Option Name

ASA5505-50-AIP5-K9
• CON-SUI-AS5A5K9
• CON-SU2-AS5A5K9
• CON-SU3-AS5A5K9
• CON-SU4-AS5A5K9
• CON-SUO1-AS5A5K9
• CON-SUO2-AS5A5K9
• CON-SUO3-AS5A5K9
  • CON-SU04-AS5A5K9
• IPS Service with Advance Hardware replacement Next Business Day (NBD)
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl and Field Engineer onsite Next Business Day (NBD)
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
  • IPS Svc with Adv HW repl onsite 24x7x2

ASA5505-U-AIP5P-K9
• CON-SU1-AS5A5PK9 
• CON-SU2-AS5A5PK9 
• CON-SU3-AS5A5PK9 
• CON-SU4-AS5A5PK9 
• CON-SUO1-AS5A5PK9 
• CON-SUO2-AS5A5PK9 
• CON-SUO3-AS5A5PK9 
• CON-SUO4-AS5A5PK9 
• IPS Service with Advance Hardware replacement Next Business Day (NBD)
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl and Field Engineer onsite Next Business Day (NBD)
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
  • IPS Svc with Adv HW repl onsite 24x7x2

ASA5510-AIP10-K9
• CON-SU1-AS1A10K9
• CON-SU2-AS1A10K9
• CON-SU3-AS1A10K9
• CON-SU4-AS1A10K9
• CON-SUO1-AS1A10K9
• CON-SUO2-AS1A10K9
• CON-SUO3-AS1A10K9
• CON-SUO4-AS1A10K9
• IPS Service with Advance Hardware replacement Next Business Day (NBD)
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl and Field Engineer onsite Next Business Day (NBD)
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA5510-AIP10SP-K9
• CON-SU1-AS1A1PK9
• CON-SU2-AS1A1PK9
• CON-SU3-AS1A1PK9
• CON-SU4-AS1A1PK9
• CON-SUO1-AS1A1PK9
• CON-SUO2-AS1A1PK9
• CON-SUO3-AS1A1PK9
• CON-SUO4-AS1A1PK9
• IPS Service with Advance Hardware replacement Next Business Day (NBD)
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl and Field Engineer onsite Next Business Day (NBD)
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
  • IPS Svc with Adv HW repl onsite 24x7x2

ASA5510-AIP20SP-K9
• CON-SU1-AS1A2PK9
• CON-SU2-AS1A2PK9
• CON-SU3-AS1A2PK9
• CON-SU4-AS1A2PK9
• CON-SUO1-AS1A2PK9
• CON-SUO2-AS1A2PK9
• CON-SUO3-AS1A2PK9
• CON-SUO4-AS1A2PK9
• IPS Service with Advance Hardware replacement Next Business Day (NBD)
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl and Field Engineer onsite Next Business Day (NBD)
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
  • IPS Svc with Adv HW repl onsite 24x7x2

ASA5520-AIP10-K9
• CON-SU1-AS2A10K9
• CON-SU2-AS2A10K9
• CON-SU3-AS2A10K9
• CON-SU4-AS2A10K9
• CON-SUO1-AS2A10K9
• CON-SUO2-AS2A10K9
• CON-SUO3-AS2A10K9
• CON-SUO4-AS2A10K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA5520-AIP20-K9
• CON-SU1-AS2A20K9
• CON-SU2-AS2A20K9
• CON-SU3-AS2A20K9
• CON-SU4-AS2A20K9
• CON-SUO1-AS2A20K9
• CON-SUO2-AS2A20K9
• CON-SUO3-AS2A20K9
• CON-SUO4-AS2A20K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA5520-AIP40-K9
• CON-SU1-AS2A40K9
• CON-SU2-AS2A40K9
• CON-SU3-AS2A40K9
• CON-SU4-AS2A40K9
• CON-SUO1-AS2A40K9
• CON-SUO2-AS2A40K9
• CON-SUO3-AS2A40K9
• CON-SUO4-AS2A40K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA5540-AIP20-K9
• CON-SU1-AS4A20K9
• CON-SU2-AS4A20K9
• CON-SU3-AS4A20K9
• CON-SU4-AS4A20K9
• CON-SUO1-AS4A20K9
• CON-SUO2-AS4A20K9
• CON-SUO3-AS4A20K9
• CON-SUO4-AS4A20K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA5540-AIP40-K9
• CON-SU1-AS4A40K9
• CON-SU2-AS4A40K9
• CON-SU3-AS4A40K9
• CON-SU4-AS4A40K9
• CON-SUO1-AS4A40K9
• CON-SUO2-AS4A40K9
• CON-SUO3-AS4A40K9
• CON-SUO4-AS4A40K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA-SSM-AIP-10-K9=
• CON-SU1-ASIP10K9
• CON-SU2-ASIP10K9
• CON-SU3-ASIP10K9
• CON-SU4-ASIP10K9
• CON-SUO1-ASIP10K9
• CON-SUO2-ASIP10K9
• CON-SUO3-ASIP10K9
• CON-SUO4-ASIP10K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA-SSM-AIP-20-K9=
• CON-SU1-ASIP20K9
• CON-SU2-ASIP20K9
• CON-SU3-ASIP20K9
• CON-SU4-ASIP20K9
• CON-SUO1-ASIP20K9
• CON-SUO2-ASIP20K9
• CON-SUO3-ASIP20K9
• CON-SUO4-ASIP20K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

ASA-SSM-AIP-40-K9=
• CON-SU1-ASIP40K9
• CON-SU2-ASIP40K9
• CON-SU3-ASIP40K9
• CON-SU4-ASIP40K9
• CON-SUO1-ASIP40K9
• CON-SUO2-ASIP40K9
• CON-SUO3-ASIP40K9
• CON-SUO4-ASIP40K9
• IPS Svc with Adv HW repl NBD
• IPS Svc with Adv HW repl 8x5 within four hours
• IPS Svc with Adv HW repl 24x7 within four hours
• IPS Svc with Adv HW repl 24x7 within two hours
• IPS Svc with Adv HW repl onsite NBD
• IPS Svc with Adv HW repl onsite 8x5x4
• IPS Svc with Adv HW repl onsite 24x7x4
• IPS Svc with Adv HW repl onsite 24x7x2

For more information on Cisco Services for IPS, please visit http://www.cisco.com/en/US/products/ps6076/serv_group_home.html.

Export Considerations

Cisco IPS 4200 Series sensors are subject to export controls. For guidance, please refer to the export compliance Website at http://www.cisco.com/wwl/export/crypto/.
For specific export questions, contact export@cisco.com.

Additional Information

For more information about Cisco IPS solutions, visit http://www.cisco.com/go/ips.
For more information about Cisco ASA 5500 Series adaptive security appliances, visit http://www.cisco.com/go/asa.
For information about Cisco IDS 4200 Series sensors that have reached end-of-sale status, visit http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_eol_notices_list.html.
For more information about CiscoWorks VPN/Security Management System (VMS) solutions (IPS management) and Cisco Security MARS, visit:

http://www.cisco.com/go/vms

http://www.cisco.com/go/mars