Networks Training

You are here: Home / Cisco ASA Firewall Configuration / Cisco ASA5510 Vs ASA5512-X or 5515-X

Cisco ASA5510 Vs ASA5512-X or 5515-X

Edited By

The Cisco ASA product line for small and branch offices includes 4 ASA models:

  • ASA5505 (either Basic License or Security Plus License)
  • ASA5510 (either Basic License or Security Plus License)
  • ASA5512-X (either Basic License or Security Plus License)
  • ASA5515-X

In this article I will describe the main differences between the ASA5510 and the newest generation ASA5512-X and ASA5515-X models. I have chosen these 3 models because Cisco ASA5512-X and 5515-X are recommended by Cisco as replacement models for the older 5510 firewall which will reach end-of-sale on September 16, 2013.

Specifically, Cisco recommends the following hardware migration path for the models above:

Older ASA Model

Recommended Replacement Model
ASA 5510 (Basic License) ASA 5512-X Basic License
ASA 5510 (Security Plus License) ASA 5512-X Security Plus License OR ASA 5515-X

 

As you can see above, both the 5510 and the 5512-X are offered with two types of licenses: Basic License (this is the default license type when you purchase) or a Security Plus License which costs extra money. On the other hand, the ASA5515-X comes with a single default license (there is no security plus license on this model).

The Security Plus license on the 5510 and 5512-X allows some enhancements such as additional VLANs (from 50 to 100), additional concurrent firewall sessions (on the 5510 model) etc. The most notable improvement offered by the Security Plus license on both 5510 and 5512-X is the device Failover support. It allows the devices to work in Active/Active or Active/Standby failover. This feature is not supported on the Basic license. (The 5515-X supports A/A and A/S failover by default).

MORE READING:  How to Configure OSPF on Cisco ASA Firewall (Example Config and Troubleshooting)

The table below shows the most important differences between ASA5510 and 5512-X / 5515-X appliances.

 

Spec.

ASA5510

ASA5512-X

ASA5515-X

Max Firewall Throughput

300 Mbps max

1 Gbps

1.2 Gbps

IPS Support

Needs extra hardware module

Supported with NO extra hardware

Supported with NO extra hardware

3DES/AES VPN Throughput

170 Mbps

200 Mbps

250 Mbps

IPSEC Site-to-Site and Client VPN sessions

250

250

250

Anyconnect SSL VPN User Sessions

250

250

250

Integrated Ethernet Interfaces

5×10/100 FE

OR

2×10/100/1000 and 3×10/100 with SecPlus

6×10/100/1000

6×10/100/1000

Next Generation Firewall Features

Not Supported

Supported (extra license or subscription needed)

Supported (extra license or subscription needed)

Regarding network interfaces, the 5510 basic license supports only FastEthernet (10/100 FE) interfaces while the 5512-X and 5515-X support Gigabit (10/100/1000) copper interfaces. So, if you are migrating the configuration of an ASA5510 to a new 5512-X or 5515-X you need to take into consideration the interface command syntax.

The interface configuration of these devices will look like the following:

MORE READING:  Site to Site VPN between Cisco ASA and Router

ASA 5510 Interface Configuration

! Physical Interface
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

! Creating Subinterfaces on interface E0/2
interface Ethernet0/2
no nameif
no security-level
no ip address
no shutdown

interface Ethernet0/2.10
vlan 10
nameif fw-out
security-level 50
ip address 172.16.61.1 255.255.255.0

ASA 5512-X or 5515-X Interface Configuration

! Physical Interface
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

! Creating Subinterfaces on interface GE0/2
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
no shutdown

interface GigabitEthernet0/2.10
vlan 10
nameif fw-out
security-level 50
ip address 172.16.61.1 255.255.255.0

So as you can see if you are migrating from 5510 to 5512-X or 5515-X you should change the commands on the interface configuration syntax. Other than the above, almost all the other core firewall commands will be the same. If you are interested, the article here shows a basic ASA 5510 configuration.

Spread the love

Related Posts

Filed Under: Cisco ASA Firewall Configuration

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

By subscribing to our email list you will be receiving technical tutorials and industry news from time-to-time. You can unsubscribe at any time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx