Table of Contents
Advertisement
Feature
Layer 2 Transparent
Firewall
VLAN-Based Virtual
Interfaces
OSPF Dynamic Routing
Routing Information
Protocol (RIP) Dynamic
Routing
Multicast Routing
QoS Services
IPv6 Networking
Security Level per Network
Interface
Dynamic Host
Configuration Protocol
(DHCP) Server
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Benefit
•
Supports deployment of a Cisco ASA 5500 Series appliance in a secure Layer 2 bridging mode, providing rich
Layer 2–7 firewall security services for the protected network while remaining "invisible" to devices on each side
of it
•
Simplifies Cisco ASA 5500 Series appliance deployments in existing network environments by not requiring
businesses to readdress the protected networks
•
Supports creation of Layer 2 security perimeters by enforcing administrator-defined Ethertype-based access
control policies for Layer 2 network traffic
•
Provides increased flexibility when defining security policies and eases overall integration into switched network
environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation
of security policies based on these virtual interfaces
•
Supports multiple virtual interfaces on a single physical interface through VLAN trunking and multiple VLAN trunks
per Cisco ASA 5500 Series appliance
•
Supports up to 10 VLANs on Cisco ASA 5510 appliances (with the Security Plus license), 25 VLANs on Cisco
ASA 5520 appliances, and 100 VLANs on Cisco ASA 5540 appliances
•
Provides comprehensive OSPF dynamic routing services on Cisco ASA 5500 Series appliances using technology
based on world-renowned Cisco IOS
•
Offers improved network reliability through fast route convergence and secure, efficient route distribution
•
Delivers a secure routing solution in environments using NAT through tight integration with Cisco ASA 5500 Series
NAT services
•
Supports MD5-based OSPF authentication, in addition to plaintext OSPF authentication, to prevent route spoofing
and various routing-based DoS attacks
•
Provides route redistribution between OSPF processes, including OSPF, static, and connected routes
•
Supports load balancing across equal-cost multipath routes
•
Enables secure integration in RIP based enterprise networks by learning routing updates for both versions 1 and 2
of the protocol
•
Protects against RIP-based reconnaissance activities and DoS attacks by supporting plaintext and keyed-MD5
authentication methods for RIPv2
•
Streamlines the delivery of multimedia traffic in videoconferencing, collaborative computing, and mission-critical
real-time enterprise applications through full PIM Sparse Mode v2 and bidirectional PIM routing support (based on
Cisco IOS Software Multicast technology)
•
Facilitates a wide range of multicast applications by including support for Internet Group Management Protocol
(IGMPv2) and stub multicast routing, including NAT and PAT and the ability to build ACLs for multicast traffic
•
Delivers per-flow, policy-based QoS services, with support for LLQ and Traffic Policing for prioritizing latency-
sensitive network traffic and limiting bandwidth usage of administrator-specified applications
•
Enables businesses to have end-to-end QoS policies for their extended networks
•
Provides access control and deep inspection firewall services for native IPv6 network environments and mixed
IPv4 and IPv6 network environments through dual-stack support
•
Delivers IPv6-enabled inspection services for applications based on HTTP, FTP, SMTP, ICMP, TCP, and UDP
•
Supports SSHv2, Telnet, HTTP and HTTPS, and ICMP-based management over IPv6
•
Leverages the Cisco PIX Security Appliance interface security-level concept to simplify deployment in DMZ
environments
•
Simplifies deployment of Cisco ASA 5500 Series appliances in intranet environments by allowing multiple
interfaces to share a common security level, and enabling administrators to define custom security policies for
traffic flowing between interfaces at the same security level, without intrinsically permitting any type of automatic
traffic flow
•
Provides DHCP server services on one or more interfaces, allowing devices to obtain IP addresses dynamically
•
Includes extensions for automated provisioning of Cisco IP phones and Cisco SoftPhone IP telephony solutions
© 2005 Cisco Systems, Inc. All rights reserved.
®
Software
Page 12 of 20
Advertisement
Table of Contents
