Cisco VPN and Firewall Routers
|
Contents |
Firewall and Security Routers
The best known of the dedicated Cisco Firewalls
are the PIX series, which also can provide dedicated VPN service, and they include the 501, 506, 515, 520, and 525 - as well
as newer "E" (enhanced) versions for many of them. Most of them also
come with restricted or unrestricted licenses, and varying feature sets and
security levels.
Licensing affects both concurrent users and hardware capabilities. Generally,
unrestricted licenses allow for up to 6 fast ethernet or gigabit ethernet
instead of two, unlimited concurrent sessions, and failover (redundant)
capabilities; click
here for detailed information on Cisco PIX licensing. For dedicated security
access, simple VPN services, and/or firewall capabilities, PIX firewalls are an
excellent value and high performance in these areas. They scale far better in
their specialty functions than modular routers and ISRs, and are considerably
easier to program since many of the general router configuration commands are
not needed. Click
here for Cisco's PIX product information.
Among the best values in PIX Firewalls is the
PIX 520-E, with unrestricted license, and with AES/3DES security, VPN, and
Failover options
enabled. The PIX 520 is the most ruggedly built of the PIX
line. It includes a floppy drive for external storage, and the enhanced version
adds a Pentium 4 processor with 256MB DRAM that eclipses the performance of the
P2 basic PIX 520. It is about six times as fast as a PIX 515, and outperforms that PIX 525 as well, for far less
money. Pictured at right is a PIX 520 with 4 fast ethernet ports (6 at
capacity).
Cisco's available PIX bundles and components are listed below.
| Cisco PIX 500 Series Security Appliances | |||
| Cisco PIX Security Appliance Bundles | |||
| PIX-501-50-BUN-K9 | PIX 501-50 3DES/AES Bundle (Chassis, SW, 50 Users, 3DES/AES) | ||
| PIX-501-BUN-K9 | PIX 501-10 3DES/AES Bundle (Chassis, SW, 10 Users, 3DES/AES) | ||
| PIX-501-UL-BUN-K9 | PIX 501-UL Bundle (Chassis, SW, Unlimited Users, 3DES/AES) | ||
| PIX-506E-BUN-K9 | PIX 506E 3DES/AES Bundle (Chassis, SW, 2 FE Ports, 3DES/AES) | ||
| PIX-535-AA-GE-BUN | PIX 535 FO-AA Bun (SW, Act/Act FO Lic, VAC+, 3 GE+2FE, 2 AC) | ||
| PIX-535-FO-GE-BUN | PIX 535-FO-GE Bundle (Chassis,Failover SW,3 GE+2 FE,VAC+) | ||
| PIX-515E-AA-FE-BUN | PIX 515E FO-AA Bundle (SW, Act/Act FO License, VAC+, 6 FE) | ||
| PIX-515E-DC-FO-BUN | PIX 515E-FO DC Bundle (Chas, Failover SW, 128MB, 2 FE, VAC+) | ||
| PIX-515E-DC-R-BUN | PIX 515E-R DC Bundle (Chas, Restricted SW, 64MB, 2 FE Ports) | ||
| PIX-515E-DC-UR-BUN | PIX 515E-UR DC Bundle (Chas,Unrestricted SW,128MB,2 FE,VAC+) | ||
| PIX-515E-FO-BUN | PIX 515E-FO Bundle (Chas, Failover SW, 128MB, 2 FE, VAC+) | ||
| PIX-515E-FO-FE-BUN | PIX 515E-FO-FE Bundle (Chas, Failover SW, 128MB, 6 FE,VAC+) | ||
| PIX-515E-R-BUN | PIX 515E-R Bundle (Chas, Restricted SW, 64MB, 2 FE Ports) | ||
| PIX-515E-R-DMZ-BUN | PIX 515E-DMZ Bundle (Chas, Restricted SW, 64MB, 3 FE Ports) | ||
| PIX515E-DMZ-CSA-K9 | Cisco Security Starter Bundle PIX 515E-R-DMZ, CSA, VMS Basic | ||
| PIX-515E-UR-BUN | PIX 515E-UR Bundle (Chas, Unrestricted SW, 128MB, 2 FE,VAC+) | ||
| PIX-515E-UR-FE-BUN | PIX 515E-UR-FE Bundle (Chas,Unrestricted SW,128MB,6 FE,VAC+) | ||
| PIX-525-AA-GE-BUN | PIX 525 FO-AA Bundle (SW, Act/Act FO Lic, VAC+, 2 GE+2FE) | ||
| PIX-525-FO-BUN | PIX 525-FO Bundle (Chassis, Failover SW, 2 FE Ports, VAC+) | ||
| PIX-525-FO-GE-BUN | PIX 525-FO-GE Bundle (Chassis,Failover SW,2 GE+2 FE,VAC+) | ||
| PIX-525-R-BUN | PIX 525-R Bundle (Chassis, Restricted SW, 2 FE Ports) | ||
| PIX-525-UR-BUN | PIX 525-UR Bundle (Chassis,Unrestricted SW,2 FE Ports,VAC+) | ||
| PIX-525-UR-GE-BUN | PIX 525-UR-GE Bundle (Chassis,Unrestr. SW,2 GE+2 FE,VAC+) | ||
| PIX-535-FO-BUN | PIX 535-FO Bundle (Chassis, Failover SW, 2 FE Ports, VAC+) | ||
| PIX-535-R-BUN | PIX 535-R Bundle (Chassis, Restricted SW, 2 FE Ports) | ||
| PIX-535-UR-BUN | PIX 535-UR Bundle (Chassis, Unrestricted SW, 2 FE, VAC+) | ||
| PIX-535-UR-GE-BUN | PIX 535-UR-GE Bundle (Chassis,Unrestr. SW,3 GE+2 FE,VAC+) | ||
| Cisco PIX Security Appliance Interfaces and Cards | |||
| PIX-1FE | PIX 10/100 Fast Ethernet interface card, RJ45 | ||
| PIX-1FE= | PIX 10/100 Fast Ethernet interface card, RJ45 | ||
| PIX-1GE-66 | PIX 66-MHz Gigabit Ethernet int. card, Multimode (SX) SC | ||
| PIX-1GE-66= | PIX 66-MHz Gigabit Ethernet int. card, Multimode (SX) SC | ||
| PIX-4FE-66 | PIX 66-MHz four-port 10/100 Fast Ethernet int. card, RJ45 | ||
| PIX-4FE-66= | PIX 66-MHz four-port 10/100 Fast Ethernet int. card, RJ45 | ||
| PIX-VAC-PLUS | PIX 66-MHz DES/3DES/AES VPN Accelerator Card+ (VAC+) | ||
| PIX-VAC-PLUS= | PIX 66-MHz DES/3DES/AES VPN Accelerator Card+ (VAC+) | ||
| Cisco PIX Security Appliance Memory Upgrades | |||
| PIX-515-MEM-64 | PIX 515/515E 64 MB Memory Upgrade | ||
| PIX-515-MEM-32 | PIX 515/515E 32MB RAM memory upgrade (UR only) | ||
| PIX-515-MEM-32= | PIX 515/515E with R License; 32 to 64 MB Memory Upgrade | ||
| PIX-52X-MEM-128 | PIX 525 128MB RAM memory upgrade (UR only) | ||
| PIX-515-MEM-128= | PIX 515/515E with UR/FO License; 64 to 128 MB Memory Upgrade | ||
| PIX-535-MEM-512 | PIX 535 512MB RAM memory upgrade (UR only) | ||
| PIX-FLASH-16MB= | PIX 16MB ISA flash memory card | ||
| PIX-MEM-5XX-128= | PIX 510/520 128MB RAM memory upgrade | ||
| PIX-MEM-UPG-128= | PIX Classic/10000 128MB RAM memory upgrade | ||
| Cisco PIX Security Appliance Spares and Accessories | |||
| PIX-501-PWR-AC= | PIX 501 spare AC power supply | ||
| PIX-506-PWR-AC= | PIX 506 spare AC power supply | ||
| PIX-506E-PWR-AC= | PIX 506E spare AC power supply | ||
| PIX-515-HW= | PIX 515/515E rack mounts, console cable, failover cable | ||
| PIX-515-PWR-AC= | PIX 515/515E spare AC power supply | ||
| PIX-525-HW= | PIX 525 rack mounts, console cable, failover cable | ||
| PIX-535-HW= | PIX 535 rack mounts, console cable, failover cable | ||
| PIX-535-PWR-AC | PIX 535 AC power supply | ||
| PIX-535-PWR-AC= | PIX 535 spare AC power supply | ||
| PIX-535-PWR-BLANK | Blank to fill unused power supply slot on PIX 535 | ||
| PIX-535-PWR-BLANK= | Blank to fill unused power supply slot on PIX 535 | ||
| PIX-535-PWR-DC | PIX 535 DC power supply | ||
| PIX-535-PWR-DC= | PIX 535 spare DC power supply | ||
| PIX-BLANK-SLOT | Blank to fill unused interface slots on PIX Firewall | ||
| PIX-FO= | PIX failover serial cable | ||
Cisco also offers the ASA5500 Security
Appliance Series, which adds and combines a number of features (Click
here for Cisco's overview of this line and available models). The ASA5500 line
provides a variety of advanced security features, including security over
phishing, spam, hacking, spyware, and viruses. The entry level ASA5505 can have
limited as well as unrestricted user versions, while higher level models (5510,
5520, 5540, and others) are unlimited user versions. Higher level models provide
greater throughput capabilities as well as enhanced features - refer to Cisco
for differences among the models. As shown in the ASA5520 at left, the ASA lines
sport newer features, including compact flash modules, USB ports, 10/100/1000
gigabit interfaces, and expansion slots which can be provisioned with modules
adding highly sophisticated security features in addition to those built-in.
Cisco has two types of SSM expansion modules, the ASA-SSM-CSC (Content Security and Control Security Services Module) and the ASA-SSM-AIP (Advanced Inspection and Prevention Security Services Module) . Cisco describes the CSC-SSM module as follows: "The Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) delivers industry-leading threat protection and content control at the Internet edge providing comprehensive antivirus, anti-spyware, file blocking, anti-spam, anti-phishing, URL blocking and filtering, and content filtering, all available in a comprehensive easy-to-manage solution delivered by industry leaders. The CSC-SSM bolsters the Cisco ASA 5500 Series' strong security capabilities providing customers with additional protection and control over the content of their business communications. The service module provides additional flexibility and choice over the functionality and deployment of Cisco's award-winning Cisco ASA 5500 Series Family of appliances." The ASA-SSM-AIP is described as follows: "The Cisco® Advanced Inspection and Prevention Security Services Module (AIP-SSM) for the Cisco ASA 5500 Series Adaptive Security Appliance provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network."
ASA550 models and expansion modules are listed below:
| Cisco ASA 5500 Series Adaptive Security Appliance Models | |||
| Cisco ASA 5500 Series Business Edition Bundles | |||
| ASA5505-50-BUN-K8 | ASA 5505 Appliance with SW, 50 Users, 8 ports, DES | ||
| ASA5505-UL-BUN-K8 | ASA 5505 Appliance with SW, UL Users, 8 ports, DES | ||
| ASA5505-SEC-BUN-K8 | ASA 5505 Sec Plus Appliance with SW, UL Users, HA, DES | ||
| ASA5510-K8 | ASA 5510 Appliance with SW, 3FE, DES | ||
| ASA5505-50-BUN-K9 | ASA 5505 Appliance with SW, 50 Users, 8 ports, 3DES/AES | ||
| ASA5505-UL-BUN-K9 | ASA 5505 Appliance with SW, UL Users, 8 ports, 3DES/AES | ||
| ASA5505-SEC-BUN-K9 | ASA 5505 Sec Plus Appliance with SW, UL Users, HA, 3DES/AES | ||
| ASA5510-BUN-K9 | ASA 5510 Appliance with SW, 3FE, 3DES/AES | ||
| ASA5510-CSC10-K9 | ASA 5510 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript | ||
| ASA5510-SEC-BUN-K9 | ASA 5510 Security Plus Appliance with SW, HA, 5FE, 3DES/AES | ||
| Cisco ASA 5500 Series Firewall Edition Bundles | |||
| ASA5505-50-BUN-K8 | ASA 5505 Appliance with SW, 50 Users, 8 ports, DES | ||
| ASA5505-50-BUN-K9 | ASA 5505 Appliance with SW, 50 Users, 8 ports, 3DES/AES | ||
| ASA5505-UL-BUN-K8 | ASA 5505 Appliance with SW, UL Users, 8 ports, DES | ||
| ASA5505-UL-BUN-K9 | ASA 5505 Appliance with SW, UL Users, 8 ports, 3DES/AES | ||
| ASA5505-SEC-BUN-K8 | ASA 5505 Sec Plus Appliance with SW, UL Users, HA, DES | ||
| ASA5505-SEC-BUN-K9 | ASA 5505 Sec Plus Appliance with SW, UL Users, HA, 3DES/AES | ||
| ASA5510-K8 | ASA 5510 Appliance with SW, 3FE, DES | ||
| ASA5510-DC-K8 | ASA 5510 Appliance with DC power, SW, 3FE, DES | ||
| ASA5510-BUN-K9 | ASA 5510 Appliance with SW, 3FE, 3DES/AES | ||
| ASA5510-SEC-BUN-K9 | ASA 5510 Security Plus Appliance with SW, HA, 5FE, 3DES/AES | ||
| ASA5520-K8 | ASA 5520 Appliance with SW, HA, 4GE+1FE, DES | ||
| ASA5520-DC-K8 | ASA 5520 Appliance with DC power, SW, HA, 4GE+1FE, DES | ||
| ASA5520-BUN-K9 | ASA 5520 Appliance with SW, HA, 4GE+1FE, 3DES/AES | ||
| ASA5540-K8 | ASA 5540 Appliance with SW, HA, 4GE+1FE, DES | ||
| ASA5540-DC-K8 | ASA 5540 Appliance with DC power, SW, HA, 4GE+1FE, 3DES/AES | ||
| ASA5540-BUN-K9 | ASA 5540 Appliance with SW, HA, 4GE+1FE, 3DES/AES | ||
| ASA5550-K8 | ASA 5550 Appliance with SW, HA, 8GE+1FE, DES | ||
| ASA5550-DC-K8 | ASA 5550 Appliance with DC power, SW, HA, 8GE+1FE, DES | ||
| ASA5550-BUN-K9 | ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES | ||
| Cisco ASA 5500 Series IPS Edition Bundles | |||
| ASA5510-AIP10-K8 | ASA 5510 Appliance with AIP-SSM-10, SW, 3FE, DES | ||
| ASA5520-AIP10-K8 | ASA 5520 Appliance w/ AIP-SSM-10, SW, HA, 4GE+1FE, DES | ||
| ASA5520-AIP20-K8 | ASA 5520 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, DES | ||
| ASA5540-AIP20-K8 | ASA 5540 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, DES | ||
| ASA5510-AIP10-DCK9 | ASA 5510 Appl. w/ AIP10, DC Pwr, SW, 3 FE, 3DES/AES | ||
| ASA5510-AIP10-K9 | ASA 5510 Appliance with AIP-SSM-10, SW, 3FE, 3DES/AES | ||
| ASA5520-AIP10-K9 | ASA 5520 Appliance w/ AIP-SSM-10, SW, HA, 4GE+1FE, 3DES/AES | ||
| ASA5520-AIP20-K9 | ASA 5520 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES | ||
| ASA5540-AIP20-K9 | ASA 5540 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES | ||
| Cisco ASA 5500 Series Anti-X Edition Bundles | |||
| ASA5510-CSC10-K9 | ASA 5510 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript | ||
| ASA5510-CSC20-K9 | ASA 5510 Appl w/ CSC20, SW, 500 Usr AV/Spy, 1 YR Subscript | ||
| ASA5520-CSC10-K9 | ASA 5520 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript | ||
| ASA5520-CSC20-K9 | ASA 5520 Appl w/ CSC20, SW, 500 Usr AV/Spy, 1 YR Subscript | ||
| ASA5510-CSC10-K8 | ASA 5510 Appl w/ CSC10, SW,50 Usr AV/Spy, 1 YR Subscript,DES | ||
| ASA5520-CSC20-K8 | ASA 5520 Appl w/ CSC20, SW,500 Usr AV/Spy,1 YR Subscript,DES | ||
| Cisco ASA 5500 Series VPN Edition Bundles | |||
| ASA5505-SSL10-K8 | ASA 5505 VPN Edition w/ 10 SSL Users, 50 Firewall Users, DES | ||
| ASA5505-SSL10-K9 | ASA 5505 VPN Edition w/ 10 SSL Users, 50 FW Users, 3DES/AES | ||
| ASA5505-SSL25-K8 | ASA 5505 VPN Edition w/ 25 SSL Users, 50 Firewall Users, DES | ||
| ASA5505-SSL25-K9 | ASA 5505 VPN Edition w/ 25 SSL Users, 50 FW Users, 3DES/AES | ||
| ASA5510-SSL50-K9 | ASA 5510 VPN Edition w/ 50 SSL User License, 3DES/AES | ||
| ASA5510-SSL100-K9 | ASA 5510 VPN Edition w/ 100 SSL User License, 3DES/AES | ||
| ASA5510-SSL250-K9 | ASA 5510 VPN Edition w/ 250 SSL User License, 3DES/AES | ||
| ASA5520-SSL500-K9 | ASA 5520 VPN Edition w/ 500 SSL User License, HA, 3DES/AES | ||
| ASA5540-SSL1000-K9 | ASA 5540 VPN Edition w/ 1000 SSL User License, HA, 3DES/AES | ||
| ASA5540-SSL2500-K9 | ASA 5540 VPN Edition w/ 2500 SSL User License, HA, 3DES/AES | ||
| ASA5550-SSL2500-K9 | ASA 5550 VPN Edition w/ 2500 SSL User License, HA, 3DES/AES | ||
| ASA5550-SSL5000-K9 | ASA 5550 VPN Edition w/ 5000 SSL User License, HA, 3DES/AES | ||
| Cisco ASA 5500 Series Security Services Modules | |||
| ASA-SSM-AIP-10-K9 | ASA 5500 AIP Security Services Module-10 | ||
| ASA-SSM-AIP-10-K9= | ASA 5500 AIP Security Services Module-10 | ||
| ASA-AIP-10-INC-K9 | ASA 5500 AIP Security Services Module-10 included w/ bundles | ||
| ASA-SSM-AIP-20-K9 | ASA 5500 AIP Security Services Module-20 | ||
| ASA-SSM-AIP-20-K9= | ASA 5500 AIP Security Services Module-20 | ||
| ASA-AIP-20-INC-K9 | ASA 5500 AIP Security Services Module-20 included w/ bundles | ||
| ASA-CSC-10-INC-K9 | ASA 5500 CSC Security Services Module-10 included w/ bundles | ||
| ASA-CSC-20-INC-K9 | ASA 5500 CSC Security Services Module-20 included w/ bundles | ||
| ASA-SSM-CSC-10-K9 | ASA Content Security SSM-10 w/ 50 Usr AV/Spy, 1YR Subscript | ||
| ASA-SSM-CSC-20-K9= | ASA Content Security SSM-20 w/ 500 Usr AV/Spy, 1YR Subscript | ||
| ASA-SSM-CSC-10-K9= | ASA Content Security SSM-10 w/ 50 Usr AV/Spy, 1YR Subscript | ||
| SSM-4GE | ASA 5500 4-Port Gigabit Ethernet SSM (RJ-45+SFP) | ||
| SSM-4GE= | ASA 5500 4-Port Gigabit Ethernet SSM (RJ-45+SFP) | ||
| Cisco ASA 5500 Series Accessories | |||
| GLC-SX-MM= | GE SFP, LC connector SX transceiver | ||
| GLC-LH-SM= | GE SFP,LC connector LX/LH transceiver | ||
| ASA5505-PWR-AC= | ASA 5505 spare AC power supply adapter | ||
| ASA5500-CF-512MB= | ASA 5500 Series Compact Flash, 512MB | ||
| ASA5500-HW= | ASA 5500 Hardware Accessory Kit (Rack Mounts, Cables) | ||
| ASA-180W-PWR-AC= | ASA 180W AC Power Supply | ||
| ASA-180W-PWR-DC= | ASA 180W DC Power Supply | ||
| ASA5500-CF-256MB= | ASA 5500 Series Compact Flash, 256MB | ||
traverses the Internet. Because IPsec can be deployed across any IP network, it
is an attractive option for customers needing VPN services and has become the
de-facto standard in remote access. CVPN3000s can be installed so that (1)
authorized users can connect in using a VPN client to access a secure network
and (2) multiple networks in different locations can be connected to function as
one network using CVPN3000s in each location. This allows users to access
network resources in multiple locations.
The
Cisco VPN 3000 Concentrator Model Comparison (CVPN3030, CVPN3060, CVPN3080)
The CVPN3000 can be provisioned with SEP-200U encryption modules (supporting DES/3DES) or SEP-E modules (supporting DES/3DES/AES). Access can be clientless, by using CVPN3000s to bridge networks in different locations, or by using Cisco’s VPN client (included with each CVPN3000), or by using a VPN 3002 hardware client – a small VPN router designed to connect a small office network to the main network. ISPTrader recently purchased the brand-new CVPN3000 stock of a distributor with the following pricing:
CVPN3030-NR-BUN $1,900
CVPN3030-RED-BUN $2,500
CVPN3060-NR-BUN $2,500
CVPN3060-RED-BUN $4,990
CVPN3080-RED-BUN $5,990
CVPN3000 Bundles with SEP-E encryption modules, dual AC
CVPN3030E-NR-BUN $3,900
CVPN3030E-RED-BUN $6,250
CVPN3060E-NR-BUN $6,250
CVPN3060E-RED-BUN $9,990
CVPN3080E-RED-BUN $10,750
CVPN3000 chassis with dual AC $995
CVPN3000 chassis spare - no power $750
SEP-200U $1,495
SEP-E $2,750
CVPN3000 AC power supplies $195
CVPN3000 rackmounts $25
| Important notes and terms: All sales and shipping are FOB shipping point - it is the buyer's responsibility to request any shipping insurance coverage on items purchased. Unless otherwise stated, our equipment has a 90 day warranty against defect, but not misuse or abuse. Extended warranties are also available. Software relicensing, when applicable, is the responsibility of the buyer (For information on Cisco licensing policies, please click here). All brand and trade names mentioned herein are the property of their respective owners. All content of this site is © ISPTrader and North Coast Online Inc. |