The Cisco® ASA 5500-X Series Next Generation Firewall is a purpose-built platform that combines best-in-class security and VPN services.
Organizations can have the connectivity and cost benefits of Internet transport without compromising the integrity of corporate security policies. By converging Secure Sockets Layer (SSL) and IP Security (IPsec) VPN services with comprehensive threat-defense technologies, the Cisco ASA 5500-X Series Next-Generation Firewalls deliver highly customizable network access tailored to the requirements of diverse deployment environments while providing advanced endpoint and network-level security (Figure 1).
Figure 1. Customizable VPN Services for Any Deployment Scenario
AnyConnect with the Cisco ASA 5500-X Series Adaptive Security Appliance
The Adaptive Security Appliance offers flexible technologies for any connectivity scenario, with scalability up to 10,000 concurrent users per device. It provides easy-to-manage, full-tunnel network access through:
● SSL (DTLS and TLS)
● IPsec VPN client technologies
● AnyConnect®Secure Mobility Client optimized for Unified Compliance and the Cisco Web Security Appliance
● Advanced clientless SSL VPN capabilities
● Network-aware site-to-site VPN connectivity
This solution supports highly secure connections across public networks to mobile users, remote sites, contractors, and business partners. Costs associated with VPN deployment and operations are reduced by eliminating ancillary equipment required to scale and secure a VPN.
Benefits of the AnyConnect Secure Mobility Client include:
● SSL (TLS and DTLS) and IPsec-based full network access: Full network access provides network-layer remote-user connectivity to virtually any application or network resource. It is often used to extend access to managed computers, such as company-owned laptops. Connectivity is available through the AnyConnect Secure Mobility Client, the Microsoft Layer 2 Tunneling Protocol (L2TP) IPsec VPN client, the Apple iOS and Mac OS X built-in IPsec VPN clients, and numerous third-party IPsec IKEv2-capable remote-access VPN clients.
The AnyConnect Secure Mobility Client will automatically adapt its tunneling protocol to the most efficient method based on network constraints. It is the first VPN product to use the DTLS protocol to provide an optimized connection for latency-sensitive traffic, such as voice-over-IP (VoIP) traffic or TCP-based application access. By supporting SSL (TLS and DTLS), and IPsec-based remote-access VPN technologies, the Cisco ASA 5500 Series delivers exceptional flexibility to meet the needs of the most diverse deployment scenarios.
● Superior clientless network access: Using the ubiquity of SSL encryption available in Internet browsers, the AnyConnect Secure Mobility Client delivers clientless remote access. It provides access to network applications and resources, regardless of location, without the need for desktop VPN client software. An AnyConnect Apex license is required.
● Network visibility: Uncover potential behavior anomalies by monitoring application usage. Usage data can be shared with a growing number of Internet Protocol Flow Information Export (IPFIX)-capable network-analysis tools. An AnyConnect Apex license is required.
● Web security: Use Cisco Cloud Web Security, the largest global provider of software-as-a-service (SaaS) web security, to keep malware off corporate networks and to control and safeguard employee web usage. A Cloud Web Security license is required.
● Network-aware site-to-site VPNs: Highly secure, high-speed communications are possible between multiple office locations.
● Threat-protected remote-access VPNs: VPNs are a primary source of malware infiltration into networks. Malware includes worms, viruses, spyware, keyloggers, Trojan horses, and rootkits. In the Cisco ASA 5500-X Series, the depth and breadth of intrusion prevention, antivirus, application-aware firewall, and VPN endpoint security capabilities reduce the risk that a VPN connection will become a conduit for security threats.
● Cost-effective VPN deployment and operations: Scaling and securing VPNs often requires additional load balancing and security equipment, which increases both equipment and operational costs. The Cisco ASA 5500-X Series integrates these functions, delivering an unprecedented level of network and security integration among the VPN products available today. By offering support for flexible tunneling options on a single platform, the Cisco ASA 5500-X Series provides customers with cost-effective alternatives to deploying parallel VPN infrastructures.
● Scalability and resiliency: The Cisco ASA 5500 Series can support up to 10,000 simultaneous user sessions per device, with the ability to scale to tens of thousands of simultaneous user sessions through integrated clustering and load-balancing capabilities. Stateful failover features deliver high-availability services for exceptional uptime.
The Cisco AnyConnect Ordering Guide covers licensing for AnyConnect features, clientless SSL VPN, and third-party IPsec IKEv2 remote-access VPN clients.
Full Network Access
The Cisco ASA 5500 Series provides broad application and network resource access through network tunneling features available in the AnyConnect Secure Mobility Client.
The AnyConnect Secure Mobility Client data sheet covers details on AnyConnect for PC platforms:
The AnyConnect Secure Mobility Client for Mobile Platforms data sheet covers details on AnyConnect for mobile platforms:
Cisco ASA 5500-X Series Next Generation Firewall Platform Overview
The ASA 5500-X Series Next Generation Firewalls data sheet covers platform capabilities: http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/datasheet-listing.html.
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.
For More Information
Cisco AnyConnect Secure Mobility Client homepage: http://www.cisco.com/go/anyconnect.
Cisco AnyConnect documentation: http://www.cisco.com/en/US/products/ps8411/tsd_products_support_series_home.html.
Cisco ASA 5500 Series Adaptive Security Appliances: http://www.cisco.com/go/asa.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit: (http://www.openssl.org).
This product includes cryptographic software written by Eric Young (email@example.com).
This product includes software written by Tim Hudson (firstname.lastname@example.org).
This product incorporates the libcurl HTTP library: Copyright 1996-2006, Daniel Stenberg (Daniel@haax.se).