Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Adaptive Security Virtual Appliance (ASAv) Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (416.5 KB)
    View with Adobe Reader on a variety of devices
Updated:April 1, 2020

Available Languages

Download Options

  • PDF
    (416.5 KB)
    View with Adobe Reader on a variety of devices
Updated:April 1, 2020
 

 

Meet the latest step in the evolution of Cisco® Adaptive Security Appliances: the Cisco Adaptive Security Virtual Appliance (ASAv). This appliance brings the power of ASA to the virtual domain and cloud environments. It runs the same software as the physical appliance to deliver proven security functionality. You can use it to protect virtual workloads within your data center. Later, you can expand, contract, or shift the location of these workloads over time and span physical, virtual, and Public Cloud infrastructures.

In the past, computing infrastructure elements were implemented with specialized hardware built for that purpose. With the advent of x86 server virtualization and the need for more power, the virtualization of computing infrastructure is becoming more popular. Businesses are deploying their computing, storage, and network infrastructure with virtual devices because of benefits they gain. These include deployment flexibility, increased server utilization, and ease of management.

Product overview

The Adaptive Security Virtual Appliance (ASAv) runs as a virtual machine inside a hypervisor in a virtual host (Figure 1). Most of the features that are supported on a physical ASA by Cisco software are supported on the virtual appliance as well, except for clustering and multiple contexts. The virtual appliance supports site-to-site VPN, remote-access VPN, and clientless VPN functionalities as supported by physical ASA devices.

ASAv Architecture

Figure 1.               

ASAv Architecture

The ASAv uses Cisco Smart Software Licensing to validate its entitlements. Smart Software Licensing makes it easier to deploy, manage, and track virtual instances of the appliance running on customer premises.

Benefits

The ASAv offers multiple customer benefits, including the following:

Consistent Policy

You can deploy ASAv in your private cloud or public clouds and have consistent policy with your physical appliances. Increasingly, customers are deploying some parts of an application on physical infrastructure and other parts on virtual infrastructure. Even on a virtual infrastructure, customers use multiple hypervisors and public clouds to deploy their applications. ASAv, along with ASA, normalizes the deployment options. One security policy can be deployed for both physical and virtual appliances.

Ease of Management

The ASAv offers the Representational State Transfer (REST) API, an HTTP based interface. With it, you can change your security policies and monitoring status and otherwise manage the device. An ASA can be introduced into Software-Defined Networking (SDN) environments and easily used with custom policy-orchestration systems.

Ease of Provisioning

You can provision the virtual appliance within a matter of minutes with a predetermined configuration. You can quickly deploy security services to match the speed of application deployment. With Smart Software Licensing, the virtual appliance can automatically obtain the entitlements while giving you a single, holistic view of the resources being consumed within your enterprise.

Smart Software Licensing

Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses. We have moved away from Product Activation Key (PAK)-based licensing to a model that supports more flexibility and visibility. You will enjoy:

     Simpler purchase and activation of the virtual appliance, as outlined in Figure 2

     Easier license management and reporting of virtual appliances due to license pooling

     Automatic license activation when the virtual appliance is provisioned

Customers, their chosen partners, and Cisco can view product entitlements and services in the Cisco Smart Software Manager. Configuration and activation are done with a single token. The ASAv will self-register with a Cisco server in the cloud, removing the need of going to a website and registering products with PAKs. Instead of using PAKs or license files, Smart Software Licensing establishes a pool of software licenses or entitlements that can be used across your business. When a virtual appliance is instantiated on a customer’s premises, an entitlement is subtracted from the pool. When a virtual appliance is decommissioned, or when it is deinstantiated within the Smart Software Manager, an entitlement is added to the pool.

With the Smart Software Manager, you can self-manage license deployments throughout your company easily and quickly. You can also manage multiple products from Cisco that support Smart Software Licensing.

The ASAv uses Smart Software Licensing exclusively. Older forms of licensing are not supported.

Any ASAv license can be used on any supported ASAv vCPU/memory configuration. This allows ASAv customers to run on a wide variety of VM resource footprints. This also increases the number of supported AWS and Azure instances types. When configuring the ASAv VM, the maximum supported number of vCPUs is 8; and the maximum supported memory is 64GB RAM.

Table 1 lists the specifications for all virtual appliance licenses. Table 2 provides ordering information.

Table 1.           Specifications

Feature

Entitlement Support

Standard Tier, 100M (ASAv5)

Standard Tier, 1G (ASAv10)

Standard Tier, 2G (ASAv30)

Standard Tier, 10G (ASAv50)

Stateful inspection throughput (maximum)1

100 Mbps

1 Gbps

2 Gbps

10 Gbps

Stateful inspection throughput (multiprotocol)2

50 Mbps

500 Mbps

1 Gbps

5 Gbps

Advanced Encryption Standard (AES) VPN throughput3

30 Mbps

125 Mbps

1 Gbps

3 Gbps

Connections per second

8,000

20,000

60,000

120,000

Concurrent sessions

50,000

100,000

500,000

2,000,000

VLANs

25

50

200

1024

Bridge groups

12

25

100

250

IPsec VPN peers

50

250

750

10,000

Cisco AnyConnect® or clientless VPN user sessions

50

250

750

10,000

Cisco Unified Communications phone proxy

50

250

1000

Not tested

Cisco Cloud Web Security users

250

1,000

5000

Not tested

 

Feature

VMware

KVM

Hyper-V

AWS

Azure

Hypervisor support

ESXi 6.0, 6.5, 6.7

Yes

Yes (Windows Server 2012-R2)

AWS, AWS Gov Marketplace, AWS China

(see VM instances supported in

Table 2)

Azure, Azure Gov Marketplace, Azure China

(see VM instances supported in

Table 3)

High availability

Stateful Active/standby

No

Stateless-

Active/standby

Modes

Routed and transparent

 

Routed only

Routed only

 

Resources

Minimum

Maximum

Virtual CPUs

1

8

Memory

2 GB

64GB

Disk storage

8 GB recommended

 

Choose your desired capacity profile from this table, and then match the memory and CPU requirements to the instance size table below for AWS or Azure

RAM (GB)

Entitlement Support
#AnyConnect / #UC Proxy Sessions / Rate Limiter

MIN

MAX

ASAv5 STD - 100M

ASAv10 STD- 1G

ASAv-STD-2G

ASAv-STD-10G

1

1.5

50/500/100M

50/500/1G

50/500/2G

50/500/10G

2

<8

50/500/100M

250/500/1G

250/500/2G

250/500/10G

8

<16

50/500/100M

250/500/1G

750/1000/2G

750/1000/10G

16

No Max

50/500/100M

250/500/1G

750/1000/2G

10K/10K/10G

Table 2.           AWS Instance Support

Instance

Attributes

Interfaces

vCPUs

Memory (GB)

C5.large*

2

4

3

C5.xlarge*

4

8

4

C5.2xlarge*

8

16

4

C4.large

2

3.75

3

C4.xlarge

4

7.5

4

C4.2xlarge*

8

15

4

C3.large

2

3.75

3

C3.xlarge

4

7.5

4

C3.2xlarge*

8

15

4

m4.large

2

8

2

m4.xlarge

4

16

4

m4.2xlarge*

8

4

4

* Requires 9.13 and above.

Table 3.           Azure Instance Support

Instance

Attributes

 

Interfaces

vCPUs

Memory (GB)

D3, D3_v2, DS3*, DS3_v2*

4

14

4

D4*, D4_v2*, DS4*, DS4_v2*

8

28

8

D8_v3*

8

32

4

F4*, F4s*

4

8

4

F8*, F8s*

8

16

8

* Requires 9.13 and above.

Table 4.           Ordering Information: In Cisco Commerce Workspace (CCW) Order the Base Selection (Denoted by “K9” in the Part Number), Followed by the Desired License Type

Part Number

Description

L-ASAV5S-K9=

8-pack Cisco 100 Mbps entitlement (ASAv5) selection

L-ASAV5S-STD-8

8-pack Cisco 100 Mbps entitlement (ASAv5) with all firewall features licensed

L-ASAV10S-K9=

Cisco 1 Gbps entitlement (ASAv10) selection

L-ASAV10S-STD

Cisco 1 Gbps entitlement (ASAv10) with all firewall features licensed

L-ASAV10S-STD-16

16-pack Cisco 1 Gbps entitlement (ASAv10) with all firewall features licensed

L-ASAV30S-K9=

Cisco 2 Gbps entitlement (ASAv30) selection

L-ASAV30S-STD

Cisco 2 Gbps entitlement (ASAv30) with all firewall features licensed

L-ASAV30S-STD-4

4-pack Cisco 2 Gbps entitlement (ASAv30) with all firewall features licensed

L-ASAV50S-K9=

Cisco 10 Gbps entitlement (ASAv50) selection

L-ASAV50S-STD

Cisco 10 Gbps entitlement (ASAv50) with all firewall features licensed

L-ASAV50S-STD-4

4-pack Cisco 10 Gbps entitlement (ASAv50) with all firewall features licensed

Remote access VPN and clientless VPN functionality can be licensed separately as outlined in https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/guidec07-732790.html.

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

Sustainability topic

Reference

Information on product material content laws and regulations

Materials

Information on electronic waste laws and regulations, including products, batteries, and packaging

WEEE compliance

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

Additional information

     Cisco ASAv: https://www.cisco.com/c/en/us/products/security/virtual-adaptive-securityappliance-firewall/index.html

     Cisco Adaptive Security Appliance (ASA) Software: https://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asasoftware/index.html

     Cisco Smart Software Licensing: https://www.cisco.com/c/en/us/buy/smart-accounts/softwaremanager.html

     Cisco ASA Configuration Guide: https://www.cisco.com/c/en/us/support/security/asa-5500series-next-generation-firewalls/products-installation-and-configuration-guides-list.html

     Cisco AnyConnect Licensing: https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobilityclient/guide-c07-732790.html

Learn more