Although Cisco created a new series of ASA appliances (5500-X series), there are hundreds of thousands of older Cisco ASA 5500 models installed and working in networks all over the world.
If you are one of those professionals who are considering upgrading your older ASA5500 appliances with the new “X” models, here is a comparison article for you with the most important similarities and differences between the two ASA generations.
What does Cisco recommend as replacement models for the older ASA5500?
The similarities between the two Cisco ASA generations (ASA5500 and ASA5500-X)
Similarities
The major similarity between the ASA5500 and ASA5500-X generations is in core firewall functionality and configuration. That is, the major firewall features (NAT, Access Control Lists, VPN configuration, routing, failover configuration, traffic inspection, modular policies, file system management, VLAN and sub interfaces, authentication etc.) are configured exactly the same on both ASA5500 and ASA5500-X models. In fact, the new software version 9.X runs on both ASA series.
So, if you have an existing ASA 5500 model which works as a regular firewall and you don’t need any new fancy features (called “Next Generation Firewall” features), then you can stay with your current model for now. You should consider, though, that Cisco has announced an End-of-Sale date of September 16, 2013 for the Cisco ASA 5500 models. The last date of support for the ASA 5500 generation is September 30, 2018.
Differences
As with almost every new generation of appliances, the new models are improved in terms of both hardware and software capabilities. Let’s see the major differences in bullet form.
- The new ASA 5500-X models provide around 4 times more firewall throughput than the older 5500 models. Also, they offer 60% higher VPN throughput.
- The new Cisco 5500-X runs on multicore 64-bit processors, compared with single core 32-bit processors on older ASA models.
- The new 5500-X models support Next-Generation Firewall Services either as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software-based modules which do not need additional hardware (only a license to use the software module). You should note, however, that the “Next-Generation Firewall Services” cost extra money in addition to the core firewall appliance. You will need to purchase either a cloud subscription or software licenses (for the IPS software module, for example).
- For Intrusion Prevention functionality (IPS) you don’t need an additional hardware module like the older 5500 generation. You can enable an embedded IPS on any 5500-X model by purchasing a software license.
- More network interfaces available on the 5500-X models (up to 14 Gigabit Ethernet ports).
- On ASA5500-X models the management interface port is shared between the firewall and the embedded IPS module. Also, the management port on ASA5500-X cannot be used as a data port. Remember that on the older 5500 models you could use the management port as a data port as well (as a regular interface). This is not supported on 5500-X models. The management port is only for management of the appliance.
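The management-port difference is the one most likely to break a configuration copied from an older appliance, so it is worth checking before migration. The following is an added example, not part of the original article: a small Python check that scans a saved ASA 5500 running-config for a Management interface carrying regular traffic. It assumes the interface is in management-only mode when the `management-only` line is present in its stanza; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample of an older ASA 5500 running-config (not from a real device).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Management0/0
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
"""

def interface_blocks(config):
    """Yield (interface name, list of sub-commands) for each interface stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            if name:
                yield name, body
            name, body = m.group(1), []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:  # "!" or any unindented line closes the stanza
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def management_ports_used_as_data(config):
    """Return Management interfaces that are active but not management-only."""
    findings = []
    for name, body in interface_blocks(config):
        if not name.lower().startswith("management"):
            continue
        active = "shutdown" not in body and any(c.startswith("nameif ") for c in body)
        if active and "management-only" not in body:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for port in management_ports_used_as_data(SAMPLE_CONFIG):
        print(f"{port}: used as a data port; re-home it before moving to a 5500-X")
```

Any interface the check reports needs its traffic moved to a regular data interface in the new design, since the 5500-X management port cannot take that role.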