Cisco Catalyst 6500 Series/7600 Series ASA Services Module Data Sheet

Available Languages

Download Options

PDF (393.3 KB)
View with Adobe Reader on a variety of devices

Updated:February 7, 2013

Document ID:1457308828358732

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Product Overview

The Cisco^® Catalyst^® 6500 Series/7600 Series ASA Services Module delivers superior technology that seamlessly integrates with Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers to provide unmatched security, reliability, and performance. Based on the Cisco ASA platform, the most widely deployed firewall in the industry, the ASA Services Module supports the highest throughput, five times the concurrent connections, and twice as many connections per second as competitive network security modules, to meet the growing needs of today’s most dynamic organizations - all in a single blade architecture.

The ASA Services Module makes it easy to add full firewall capabilities to an existing infrastructure by sliding a blade into an empty slot in an existing Catalyst 6500 Series switch or Cisco 7600 Series router - no additional rack space, cabling, power, or physical interface is required (Figure 1). It also works in tandem with other modules in the chassis to deliver robust security throughout the entire chassis, effectively making every port a security port. By using the data center’s existing infrastructure to deliver network security services, the ASA Services Module delivers superior return on investment (ROI) and greatly simplifies maintenance and management.

Figure 1. Cisco Catalyst 6500 Series/7600 Series ASA Services Module

Features and Benefits

The ASA Services Module helps data centers increase effectiveness and efficiency in protecting their networks and applications. The module delivers exceptional protection of a Cisco Catalyst 6500 or Cisco 7600 Series investment and helps to reduce the total cost of network ownership - all while lowering operating costs and addressing intangible opportunity costs. This is accomplished through the following elements:

● Seamless integration. The ASA Services Module seamlessly integrates with Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. Full firewall capabilities are added by simply sliding the ASA Services Module into an empty slot in the existing Catalyst 6500 Series switch or Cisco 7600 Series router. No rack space is required; since the module populates an empty slot within the existing switch or router; all interfaces are virtual, eliminating the need to manage physical interfaces. And because the module uses the existing switch or router connections, no re-cabling is required. As a result, the time required for installation and configuration is dramatically reduced, greatly simplifying the addition of security services. In contrast, adding a dedicated appliance for firewall services in an established data center requires significant effort, with corresponding human resources and costs.

● Simplified maintenance and management. The ASA Services Module integrates easily with the Catalyst 6500 or Cisco 7600 Series chassis, using the same connections and management software as the rest of the switch or router. In effect, the module becomes part of the switch or router, with almost no increase in the time, effort, and cost of managing and maintaining the network device. Essentially, high-performance network security services are added to an existing infrastructure at a fraction of the maintenance and management required by a standalone security appliance.

● Minimal environmental costs. As a fully integrated component of the Cisco Catalyst 6500 Series switch or Cisco 7600 Series router, the ASA Services Module utilizes the power and cooling from the switch or router. Moreover, it consumes far less power than competitive modules, and a fraction of what is required by standalone appliances. Redundant ASA Services Modules can run on the smallest power supply, and will only consume a maximum of 352.8W or 8.4A at 42V.

● Full site-to-site and SSL VPN. Businesses can extend their SSL and IPsec VPN capacity to support a larger number of mobile workers, remote sites, and business partners. Up to 10,000 Cisco AnyConnect^® and/or clientless VPN peers can be supported. VPN capacity and resiliency can be increased by taking advantage of integrated VPN load-balancing capabilities. The Cisco ASA Services Module supports up to 10 blades in a VPN cluster, offering a maximum of 100,000 AnyConnect and/or clientless VPN peers or 100,000 IPsec VPN peers. For business continuity and event planning, the Cisco ASA Services Module can also benefit from Cisco VPN Flex licenses, which enable administrators to react to or plan for short-term “bursts” of concurrent Premium VPN remote-access users for up to two months.

Table 1 lists some of the features of the Cisco Catalyst 6500 Series/7600 Series ASA Services Module.

Table 1. Features

Feature	Description
Performance
Maximum firewall throughput	20 Gbps
Multiprotocol firewall throughput	16 Gbps
Concurrent connections	10,000,000
Connections per second	300,000
Maximum 3DES/AES VPN throughput¹	2 Gbps
Maximum site-to-site and IPsec IKEv1 client VPN user sessions¹	10,000
Maximum AnyConnect or clientless VPN user sessions¹	10,000
Cisco Cloud Web Security users	7500
Capacities
Security contexts	5, 10, 20, 50, 100, 250 licenses (2 included)
Cards per switch	4 ASA Services Modules per Catalyst 6500 or Cisco 7600 Series chassis
VLANs	1000
High availability	Active/Active, Active/Standby
NAT translations	10 million
Transparent mode VLANs	16 pairs
Access control entries	2 million

¹ VPN support requires Cisco ASA Software Release 9.0.1 or later.

System Requirements

Table 2 lists the system requirements of the Cisco Catalyst 6500 Series/7600 Series ASA Services Module.

Table 2. System Requirements

ASA Release	Switch Hardware	Supervisor Engine or Route Switch Processor	Cisco IOS Release
8.5(1) and later	Catalyst 6500-E	SUP 720-10GE with MSFC3 & PFC3C (VS-S720-10G-3C)	12.2(33)SXJ2and later
		SUP 720-10GE with MSFC3 & PFC3CXL (VS-S720-10G-3CXL)
		SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B)
		SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL)
8.5(1.7) and later	Catalyst 6500-E	SUP 2T with MSFC5 & PFC4 (VS-S2T-10G)	15.0(1)SY1 and later
		SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL)
9.0(1) and later	Cisco 7606-S, 7609-S	RSP 720 with 10GE ports, MSFC4 & PFC-3C (RSP720-3C-10GE)	15.2(4)S2 and later
		RSP 720 with 10GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-10GE)
		RSP 720 with 2GE ports, MSFC4 & PFC-3C (RSP720-3C-GE)
		RSP 720 with 2GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-GE)
		SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B)
		SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL)
9.0(1) and later	Cisco 7604, 7609-S, 7613-S	SUP 2T with MSFC5 & PFC4 (VS-S2T-10G)	15.1(1)SY and later
		SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL)

Licensing

The Cisco Catalyst 6500 Series/7600 Series ASA Services Module uses Cisco ASA 5500 Series Security Context Licenses and Cisco ASA 5500 Series GTP Licenses. These licenses are listed in Table 3.

Table 3. ASA Services Module Licenses

Description	License Number
ASA 5500 5 Security Contexts License	ASA5500-SC-5
ASA 5500 5 Security Contexts License (spare)	ASA5500-SC-5=
ASA 5500 10 Security Contexts License	ASA5500-SC-10
ASA 5500 10 Security Contexts License (spare)	ASA5500-SC-10=
ASA 5500 20 Security Contexts License	ASA5500-SC-20
ASA 5500 20 Security Contexts License (spare)	ASA5500-SC-20=
ASA 5500 50 Security Contexts License	ASA5500-SC-50
ASA 5500 50 Security Contexts License	ASA5500-SC-50=
ASA 5500 100 Security Contexts License	ASA5500-SC-100
ASA 5500 100 Security Contexts License	ASA5500-SC-100=
ASA 5500 250 Security Contexts License	ASA5500-SC-250
ASA 5500 250 Security Contexts License	ASA5500-SC-250=
ASA 5500 5 to 10 Security Context License Upgrade	ASA5500-SC-5-10=
ASA 5500 10 to 20 Security Context License Upgrade	ASA5500-SC-10-20=
ASA 5500 20 to 50 Security Context License Upgrade	ASA5500-SC-20-50=
ASA 5500 50 to 100 Security Context License Upgrade	ASA-SC-50-100=
ASA 5500 100 to 250 Security Context License Upgrade	ASA-SC-100-250=
ASA 5500 GTP/GPRS Inspection License	ASA5500-GTP
ASA 5500 GTP/GPRS Inspection License	ASA5500-GTP=

Product Specifications

Table 4 lists the product specifications for the Cisco Catalyst 6500 Series/7600 Series ASA Services Module.

Table 4. Product Specifications

Specification	Description
Regulatory Compliance	CE Markings per directives 2004/108/EC and 2006/108/EC
Safety	UL 60950-1 CAN/CSA-C22.2 No. 60950-1 EN 60950-1 IEC 60950-1 AS/NZS 60950-1 GB4943
EMC (Emissions)	47CFR Part 15 (CFR 47) Class A AS/NZS CISPR22 Class A CISPR2 2 Class A EN55022 Class A ICES003 Class A VCCI Class A EN61000-3-2 EN61000-3-3 KN22 Class A CNS13438 Class A
EMC (Immunity)	EN50082-1 EN61000-6-1 EN55024 CISPR24 EN300386 KN 61000-4 Series
NEBS Criteria Levels	SR-3580 NEBS level 3 GR-63-CORE, issue 3; GR-1089 CORE, issue 4
Verizon NEBS Compliance	Telecommunications Carrier Group (TCG) Checklist
Qwest NEBS Requirements	Telecommunications Carrier Group (TCG) Checklist
ATT NEBS Requirements	ATT TP76200 level 3 TCG Checklist
ETSI	ETS 300 019-2-1, Class 1.2 Storage ETS 300 019-2-2, Class 2.3 Transportation ETS 300 019-2-3, Class 3.2 Stationary Use

Warranty Information

Find warranty information on Cisco.com at the Product Warranties page.

Ordering Information

Table 5 provides ordering information on the Cisco Catalyst 6500 Series/7600 Series ASA Services Module. To place an order, visit the Cisco Ordering page.

Table 5. Ordering Information

Product Name	Part Number
ASA Services Module for Catalyst 6500-E, 3DES/AES	WS-SVC-ASA-SM1-K9
ASA Services Module for Catalyst 6500-E, 3DES/AES (spare)	WS-SVC-ASA-SM1-K9=
ASA Services Module for Catalyst 6500-E, DES	WS-SVC-ASA-SM1-K8
ASA Services Module for Catalyst 6500-E, DES (spare)	WS-SVC-ASA-SM1-K8=
ASA Services Module for Catalyst 6500-E, NPE	WS-SVC-ASA-SM1-K7
ASA Services Module for Catalyst 6500-E, NPE (spare)	WS-SVC-ASA-SM1-K7=

To Download the Software

Visit the Cisco Software Center to download Cisco ASA Software.

Service and Support

Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. Included in the “Operate” phase of the service lifecycle are Cisco Security IntelliShield Alert Manager Service, Cisco SMARTnet^®, and Cisco Service Provider Base. These services are suitable for enterprise, commercial, and service provider customers.

Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

For More Information

For more information, please contact your local account representative, or visit the following links:

● Cisco Catalyst 6500 Series/7600 Series ASA Services Module: http://www.cisco.com/go/asasmc

● Cisco Catalyst 6500 Series Switch: http://www.cisco.com/en/US/products/hw/switches/ps708/index.html

● Cisco 7600 Series Router: http://www.cisco.com/en/US/products/hw/routers/ps368/index.html

● Cisco ASA 5500 Series Adaptive Security Appliance: http://www.cisco.com/go/asa

● Cisco Security Manager: http://www.cisco.com/go/csmanager

● Cisco Adaptive Security Device Manager: http://www.cisco.com/go/asdm

● Cisco Security Services: http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html

● Cisco ASA 5500 Series Adaptive Security Appliance Licensing Information: http://www.cisco.com/en/US/products/ps6120/products_licensing_information_listing.html