Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
356
Views
5
Helpful
1
Replies

ASA Features

Go to solution
Mero Cisco
Level 1
Level 1

‎05-05-2013 05:46 AM - edited ‎03-11-2019 06:38 PM

Hi,

I have got the ASA 5520 with the following licensed features:

=======================================================

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs               : 150

Inside Hosts                : Unlimited

Failover                    : Active/Active

VPN-DES                     : Enabled

VPN-3DES-AES                : Enabled

Security Contexts           : 2

GTP/GPRS                    : Disabled

VPN Peers                   : 750

WebVPN Peers                : 2

This platform has an ASA 5520 VPN Plus license.

=======================================================

1. Can I perform URL, Spam filtering with this one. I don't have any SSM installed on this machine ?

2. Can I perform IPS and Content Filtering with this single ASA?

3. Which family of ASA or other devices works both for anti-x features and IPS features with a single device?

4. Can I utilize any other features without installing the SSM ? I am using it as a plain firewall only ? Pls suggest if any other feature that I can use.

5. How can I fight with Botnet attacks through this ASA?

Thanks in advance,

Mero

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sokakkar
Cisco Employee
Cisco Employee

‎05-06-2013 06:42 AM

Hi Merco,

Please see the answers inline:

1. Can I perform URL, Spam filtering with this one. I don't have any SSM installed on this machine ?

- You can perform URL filtering using regex, check this:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940c5a.shtml

https://supportforums.cisco.com/docs/DOC-1268

But regex can add to processing load so this should be used only when you need to block only a few websites. Else for full fledged URL-filtering, you can opt for CSC-SSM module or a websense/smartfilter(N2H2) in conjection with ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

http://www.cisco.com/en/US/products/ps6823/index.html

2. Can I perform IPS and Content Filtering with this single ASA?

- You will need AIP-SSM (IPS) for intrusion prevention and for content filtering CSC is needed but only one can be used at a time.

3. Which family of ASA or other devices works both for anti-x features and IPS features with a single device?

- All ASA's come with IPS modules and CSC modules as a bundle. You can go for advanced ASA5500-X series devices (more info available with your Cisco reseller):

http://www.cisco.com/en/US/products/ps6120/index.html

4.  Can I utilize any other features without installing the SSM ? I am  using it as a plain firewall only ? Pls suggest if any other feature  that I can use.

- Check the link which I provided above for 5500-x series ASA's and following for ASA 5500 series:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/asa_84_cli_config.html

5. How can I fight with Botnet attacks through this ASA?

You will need botnet license on your existing ASA, see this document:

https://supportforums.cisco.com/docs/DOC-8782

http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/botnet_index.html

-

Sourav

View solution in original post

1 Reply 1

Go to solution
sokakkar
Cisco Employee
Cisco Employee

‎05-06-2013 06:42 AM

Hi Merco,

Please see the answers inline:

1. Can I perform URL, Spam filtering with this one. I don't have any SSM installed on this machine ?

- You can perform URL filtering using regex, check this:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940c5a.shtml

https://supportforums.cisco.com/docs/DOC-1268

But regex can add to processing load so this should be used only when you need to block only a few websites. Else for full fledged URL-filtering, you can opt for CSC-SSM module or a websense/smartfilter(N2H2) in conjection with ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

http://www.cisco.com/en/US/products/ps6823/index.html

2. Can I perform IPS and Content Filtering with this single ASA?

- You will need AIP-SSM (IPS) for intrusion prevention and for content filtering CSC is needed but only one can be used at a time.

3. Which family of ASA or other devices works both for anti-x features and IPS features with a single device?

- All ASA's come with IPS modules and CSC modules as a bundle. You can go for advanced ASA5500-X series devices (more info available with your Cisco reseller):

http://www.cisco.com/en/US/products/ps6120/index.html

4.  Can I utilize any other features without installing the SSM ? I am  using it as a plain firewall only ? Pls suggest if any other feature  that I can use.

- Check the link which I provided above for 5500-x series ASA's and following for ASA 5500 series:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/asa_84_cli_config.html

5. How can I fight with Botnet attacks through this ASA?

You will need botnet license on your existing ASA, see this document:

https://supportforums.cisco.com/docs/DOC-8782

http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/botnet_index.html

-

Sourav

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card