Of course, the new ASA 5508-X and ASA 5516-X are the members of Cisco ASA 5500-X series with FirePOWER Services.
In the previous articles, we introduces many topics about the new ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, especially the ASA 5506-X firewall, such as new features, main model comparison, start guide, etc. So in this article, we will check some main hardware features of the Cisco ASA 5508-X and 5516-X, including package contents, network ports, console ports, power supply, hardware specs, etc.
The package contents for the ASA 5508-X and ASA 5516-X.
Note that the contents are subject to change, and your exact contents might contain additional or fewer items.
1 | Chassis | 2 | Blue Console Cable PC Terminal Adapter |
3 | Power cord | 4 | 4 10-32 Phillips screws for rack mounting |
5 | 4 12-14 Phillips screws for rack mounting | 6 | 4 M6 Phillip screws for rack mounting |
7 | 4 M4 Phillips screws for rack mounting |
The front panel of the ASA 5508-X. The ASA 5516 has an identical front panel.
The rear panel of the Cisco ASA 5508-X and ASA 5516-X
ASA 5508-X & ASA 5516-LED-Description
Status Lights
The status lights are located just off center on the front panel, and just to the left of the network ports on the rear panel, with the SSD light to the right of the Reset port.
LED | Description | ||
Power | Power supply status:
|
||
Status | System operating status:
|
||
Active | Status of the failover pair:
|
||
SSD | Solid-state drive (SSD) status:
|
||
Network port status | On the rear panel, a pair of LEDs (Link status and connection Status) for each of the eight Gigabit Ethernet network ports, and the Gigabit Ethernet Management port.Link status (L):
Connection-speed status (S):
|
Network Ports: Looking at the rear of the ASA, where the ports are located, port 1 is on the left, and port 8 is on the right, next to the console and management ports. Each port is accompanied by a pair of LEDs, one each for link status (L) and connection status (S). The ports are named and numbered Gigabit Ethernet 1/1 through Gigabit Ethernet 1/8.
Console Ports: The ASA has two external console ports, a standard RJ-45 port and a Mini USB Type B serial port. Only one console port can be active at a time. When a cable is plugged into the USB console port, the RJ-45 port becomes inactive. Conversely, when the USB cable is removed from the USB port, the RJ-45 port becomes active. The console ports do not have any hardware flow control. You can use the command-line interface (CLI) to configure your ASA through either serial console port by using a terminal server or a terminal emulation program on a computer.
RJ-45 Port : The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The RJ-45 console port does not support a remote dial-in modem. You can use a standard management cable (Cisco part number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.
Mini USB Type B Port: The Mini USB Type B port lets you connect to a USB port on an external computer. For Linux and Macintosh systems, no special driver is required. For Windows systems, you must download and install a USB driver (available on software.cisco.com). You can plug and unplug the USB cable from the console port without affecting Windows HyperTerminal operations. We recommend shielded USB cables with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bps.
Note: For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC connected to the console port before using the USB console port.
Internal and External Flash Storage: The ASA contains one internal USB flash drive, and a standard USB Type A port that you can use to attach an external device. The USB port can provide output power of 5 volts, up to a maximum of 500 mA (5 USB power units).
Internal USB Device : An embedded eUSB device is used as the internal flash; it is identified as disk0.
External USB Drive (Optional) : You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is disk1. When the ASA is powered on, a connected USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system commands that are available to disk0 are also available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.
If you insert a USB drive with more than one partition, only the first partition is mounted.
FAT-32 File System : The ASA only supports FAT-32-formatted file systems for the internal eUSB and external USB drives. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the command format disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might be lost.
Solid State Drive: The ASA 5508-X and 5516-X ship with an SSD installed that provides storage support. The SSD in the ASA 5508-X has 80 GB of useable space and is field-replaceable. The SSD in the ASA 5516-X has 1000 GB of usable space and is also field replaceable.
Power Supply: The ASA 5508-X and ASA 5516-X ship with an internal AC power supply that provides 60 W.
Hardware Specifications
The following table contains hardware specifications for the ASA 5508-X and the ASA 5516-X.
More…Compare Models: ASA 5508-X vs. ASA 5516-X
Cisco ASA Model | ASA 5508-X | ASA 5516-X |
Stateful inspection throughput (max1) | 1 Gbps | 1.8 Gbps |
Stateful inspection throughput (multiprotocol2) | 500 Mbps | 900 Mbps |
Maximum application visibility and control (AVC) throughput | 450 Mbps | 850 Mbps |
Maximum AVC and NGIPS throughput | 250 Mbps | 600 Mbps |
Maximum concurrent sessions | 100,000 | 250,000 |
Maximum new connections per second | 10,000 | 20,000 |
Application control (AVC) or NGIPS sizing throughput [440 byte HTTP]3 | 200 Mbps | 500 Mbps |
Packets per second (64 byte) | 694,000 | 750,000 |
Maximum 3DES/AES VPN throughput4 | 175 Mbps | 250 Mbps |
Maximum site-to-site and IPsec IKEv1 client VPN user sessions4 | 100 | 300 |
Maximum Cisco AnyConnect IKEv2 remote access VPN or clientless VPN user sessions5 | 100 | 300 |
Cisco Cloud Web Security users | 565 | 2,000 |
VLANs | 50 | 100 |
High-availability support6 | A/A and A/S | A/A and A/S |
Integrated I/O | 8 x 1 GE | 8 x 1 GE |
Expansion I/O | Not available | Not available |
Dual power supplies | Not available | Not available |
Power | AC only | AC only |
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols or applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Activating more features will change performance.
4 VPN throughput and maximum sessions depend on the ASA device configuration and VPN traffic patterns, including average packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the maximum possible IPsec throughput. The maximum number of users may be limited by your throughput requirements.
5 Requires AnyConnect Plus or Apex license. An Apex license is required for clientless VPN. See the AnyConnect Ordering Guide for details. The maximum number of users may be limited by your throughput requirements.
Reference from: https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5508xguide/b_install_guide_5508/b_install_guide_5508_chapter_0100.html
More Related New Cisco ASA 5500-X Topics
ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, Cisco ASA with FirePOWER Services, What’s New Here?