Cisco ASA All-in-One Solution

Cisco ASA integrates all the firewall, IDS, and VPN capabilities of the previously mentioned products. This provides an all-in-one solution for your network. Incorporating all of these solutions into Cisco ASA secures the network without the need for extra overlay equipment or network alterations. This is something that many Cisco customers and network professionals have requested in a security product.

Firewall Services

All firewall capabilities from the Cisco PIX Firewall and the Cisco FWSM are included in Cisco ASA. All the features available on Cisco PIX 7.x software are available in Cisco ASA. For example, the Cisco ASA virtualization capabilities allow you to configure multiple firewalls on a single appliance. You can configure, implement, and manage these firewalls as if they were separate devices. In addition, you can screen and manage resources separately for specific applications.

Note: Chapter 9, "Security Contexts," covers virtualization in detail.

Cisco ASA enhances security for numerous Voice over IP (VoIP) and multimedia standards. It performs in-depth inspection for Layers 4–7 on several applications and protocols.

Note: Chapter 8, "Application Inspection," covers application inspection in detail.

Cisco ASA also provides high-availability and failover mechanisms to assure business continuity. It also offers advanced authentication, authorization, and accounting (AAA) services.

Note: Chapter 11, "Failover and Redundancy," shows you how to configure and troubleshoot the Cisco ASA redundancy mechanisms. Chapter 7, "Authentication, Authorization, and Accounting (AAA)," covers the details on configuring and troubleshooting AAA services.

IPS Services

Cisco ASA remains vigilant for attacks and notifies network administrators about them in real time. The strong integration with Cisco IPS version 5.x enables Cisco ASA to automatically shun (block) devices that it recognizes as being malicious.

Additionally, Cisco ASA supports virtual packet reassembly. This enables the Cisco ASA to search for attacks that are hidden over a series of fragmented packets. The AIP-SSM modules running Cisco IPS 5.x also have the ability to run in inline mode. When running in inline mode, all packets are forwarded to the AIP-SSM to be inspected. All packets that do not conform to security policies can be dropped before reaching the protected network, making this a true intrusion prevention system.

Note: Chapter 13, "Intrusion Prevention System Integration," provides details on the integration of IPS services in Cisco ASA, and Chapter 14, "Configuring and Troubleshooting Cisco IPS Software via the CLI," covers configuration and troubleshooting of IPS services in Cisco ASA.

VPN Services

Cisco ASA offers site-to-site and remote-access VPN solutions. The supported connectivity mechanisms include IPSec and Cisco WebVPN clientless SSL-based VPN connectivity. One of the biggest advantages of Cisco ASA is the unprecedented cost savings and performance offered through its ability to terminate site-to-site and remote-access VPN connections.