Cisco ASA 5500-X Series Migration Options-ASA 5555-X, ASA 5525-X & ASA 5515-X

March 8 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #IT, #Cisco Switches - Cisco Firewall

Product Migration Options-ASA 5550 to ASA 5555-X, ASA 5520 to ASA 5525-X, ASA 5510 to ASA 5515-X

Most of Cisco ASA 5500 Models have been announced end-of-life and end-of-sale, such as the ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550. Cisco ASA users and customers are encouraged to migrate to the newer Cisco ASA 5500-X Series of next-generation firewalls (NGFW), which includes the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X and so forth.

In the following tables we will share the main Product Comparisons of ASA 5500 Models and the new ASA 5500-X models, which include the ASA 5550 and ASA 5555-X, ASA 5520 and ASA 5525-X, ASA 5510 and ASA 5515-X

ASA 5550 vs. ASA 5555-X

Feature	Cisco ASA 5550 Adaptive Security Appliance	Cisco ASA 5555-X Adaptive Security Appliance
Next-Generation Firewall	No	Yes
Application Visibility and Control Service	No	Yes
Web Security Service	No	Yes
IPS Service	No	Yes (Does not require separate hardware module)
Content Security Service	No	Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)	1.2 Gbps	4 Gbps
IPS Throughput (Max)	Not Applicable	1.3 Gbps
VPN Throughput (Max)	425 Mbps	700 Mbps
Connections (Max)	600,000	1,000,000
Connections Per Second	33,000	50,000
Integrated I/O	8 GE Copper and 1 FE	8 GE Copper + Dedicated GE Copper Management Port
Expansion I/O	Not Available	6-port GE Copper, or 6-port GE SFP
CPU	Single Core	Multiple Cores
Memory	4 GB	16 GB
Dual Power Supplies	No	Yes
IPS Accelerator hardware	No	In-built hardware accelerator for both default and custom signatures
Hardware support for 2048-bit certificates	No	Yes

ASA 5540 to Cisco ASA 5545-X

Feature	Cisco ASA 5540 Adaptive Security Appliances	Cisco ASA 5545-X Adaptive Security Appliance
Next-Generation Firewall	No	Yes
Application Visibility and Control Service	No	Yes
Web Security Service	No	Yes
IPS Service	Yes (Requires separate Hardware module)	Yes (Does not require separate hardware module)
Content Security Card Module	Available	Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)	650 Mbps	3 Gbps
IPS Throughput (Max)	650 Mbps	900 Mbps
VPN Throughput (Max)	325 Mbps	400 Mbps
Connections (Max)	400,000	750,000
Connections Per Second	25,000	30,000
Dual Power Supplies	No	Yes
Integrated I/O	4GE Cu + 1FE	6GE Cu
Expansion I/O	4-port GE Cu or 4-port GE SFP	6-port GE Cu or 6-port GE SFP
CPU	Single-core	Multiple cores
Memory	2GB	12GB
Hardware support for 2048-bit certificates	No	Yes

Migration Options-ASA 5520 to ASA 5525-X

The Cisco ASA 5525-X offers increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Additionally, the ASA 5525-X includes a hardware chip to speed up IPS signature execution (for both default and custom signatures).

Refer to the table below for a detailed comparison between the ASA 5520 and ASA 5525-X. Customers can also upgrade to the Cisco ASA 5545-X, which provides the option of dual power supplies in addition to better performance and scaling.

Product Comparisons-ASA 5520 vs. ASA 5525-X

Feature	Cisco ASA 5520 Adaptive Security Appliance	Cisco ASA 5525-X Adaptive Security Appliance
Next-Generation Firewall	No	Yes
Application Visibility and Control Service	No	Yes
Web Security Service	No	Yes
IPS Service	Yes (Requires separate Hardware module)	Yes (Does not require separate hardware module)
Content Security Card Module	Yes	Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)	450 Mbps	2 Gbps
IPS Throughput (Max)	450 Mbps	600 Mbps
VPN Throughput (Max)	225 Mbps	300 Mbps
Connections (Max)	280,000	500,000
Connections Per Second	12,000	20,000
Integrated I/O	4 GE Copper + 1 FE	8 GE Copper
Expansion I/O	4-port GE Cu or 4-port GE SFP	6-port GE Copper or 6-port GE SFP
CPU	Single Core	Multiple Cores
Memory	2 GB	8 GB
IPS Accelerator hardware	No. All signatures run on IPS Security Module CPU.	In-built hardware accelerator for both default and custom signatures
Hardware support for 2048-bit certificates	No	Yes

Migration Options-ASA 5510 to ASA 5515-X

The Cisco ASA 5512-X and ASA 5515-X offer increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Customers can choose the ASA 5512-X if they do not want high availability, which comes as a default option on the ASA 5515-X.

Note that there is a license on the ASA 5512-X that enables high availability, should that be required later.

Product Comparisons: ASA 5510 vs. ASA 5515-X

Feature	Cisco ASA 5510 Adaptive Security Appliance	Cisco ASA 5515-X Adaptive Security Appliance
Next-Generation Firewall	No	Yes
Application Visibility and Control Service	No	Yes
Web Security Service	No	Yes
IPS Service	Yes (Requires separate Hardware module)	Yes (Does not require separate hardware module)
Content Security Service	Yes (Requires separate Hardware module)	Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)	300 Mbps	1.2 Gbps
IPS Throughput (Max)	300 Mbps	400 Mbps
VPN Throughput (Max)	170 Mbps	250 Mbps
Connections (Max)	100,000	250,000
Connections Per Second	9,000	15,000
Integrated I/O	2GE Copper and 3FE	6 GE Copper
Expansion I/O	4-port GE Copper, or 4-port GE SFP	6-port GE Copper 6-port GE SFP
CPU	Single core	Multiple cores
Memory	1 GB	8 GB
Hardware support for 2048-bit certificates	No	Yes
USB thumb drive support	No	Yes (can be used to store logs and configuration files)