The ASA Data Sheet can also be a little misleading so read carefully. You will see that Stateful Inspection throughput appears twice for each device. The one you should look at is Multi Protocol and not Max. Max is for UDP traffic only and not TCP packets which nearly every environment uses. You can see the different information at the bottom in the key.

Cisco ASA Model ASA 5505 / Security Plus ASA 5510 / Security Plus ASA 5512-X / Security Plus ASA 5515-X
5505 5510 5512 5515
Stateful Inspection throughput (max1) Up to 150 Mbps Up to 300 Mbps 1 Gbps 1.2 Gbps
Stateful Inspection throughput (multiprotocol2) 500 Mbps 600 Mbps
Next-Generation throughput3 (multiprotocol) 200 Mbps 350 Mbps
IPS throughput4 Up to 75 Mbps with AIP SSC-5 Up to 150 Mbps with AIP SSM-10; 300 Mbps with AIP SSM-20 250 Mbps
(Extra hardware module not required)
400 Mbps
(Extra hardware module not required)
Concurrent sessions 10,000 /25,000 50,000 /130,000 100,000 250,000
Connections per second 4,000 9,000 10,000 15,000
Packets per second (64 byte) 85,000 190,000 450,000 500,000
3DES/AES VPN throughput5 100 Mbps 170 Mbps 200 Mbps 250 Mbps
Site-to-site and IPsec IKEv1 client VPN user sessions 25 250 250 250
AnyConnect or clientless VPN user sessions 25 250 250 250
Cisco Cloud Web Security users 25 75 100 250
VLANs 3 (trunking disabled) / 20 (trunking enabled) 50 / 100 50 / 100 100
High-availability support6 Not available Not available; A/A and A/S Not available; A/A and A/S A/A and A/S
Integrated I/O 8-port FE with 2 Power over Ethernet (PoE) ports 5-port FE / 2-port 10/100/1000, 3-port FE 6-port 10/100/1000 6-port 10/100/1000
Expansion I/O Not available 4-port 10/100/1000 or 4-port GE (SFP) 6-port 10/100/1000 or 6-port GE (SFP) 6-port 10/100/1000 or 6-port GE (SFP)
Dual power supplies Not available Not available Not available Not available
Power AC/DC AC/DC AC/DC AC/DC

 


 

Cisco ASA Model ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X
  5520 5525 5540 5545 5505 5555
Stateful Inspection throughput (max1) 450 Mbps 2 Gbps 650 Mbps 3 Gbps 1.2 Gbps 4 Gbps
Stateful Inspection throughput (multiprotocol2) 1 Gbps 1.5 Gbps 2 Gbps
Next-Generation throughput3 (multiprotocol) 650 Mbps 1 Gbps 1.4 Gbps
IPS throughput4 Up to 225 Mbps with AIP SSM-10; 375 Mbps with AIP SSM-20; 450 Mbps with AIP SSM-40 600 Mbps
(Extra hardware module not required)
Up to 500 Mbps with AIP SSM-20; 650 Mbps with AIP SSM-40 900 Mbps
(Extra hardware module not required)
Not Available 1.3 Gbps
(Extra hardware module not required)
Concurrent sessions 280,000 500,000 400,000 750,000 650,000 1,000,000
Connections per second 12,000 20,000 25,000 30,000 33,000 50,000
Packets per second (64 byte) 320,000 700,000 500,000 900,000 600,000 1,100,000
3DES/AES VPN throughput5 225 Mbps 300 Mbps 325 Mbps 400 Mbps 425 Mbps 700 Mbps
Site-to-site and IPsec IKEv1 client VPN user sessions 750 750 5,000 2,500 5,000 5,000
AnyConnect or clientless VPN user sessions 750 750 2,500 2,500 5,000 5,000
Cisco Cloud Web Security users 300 500 1,000 1,500 2,000 3,000
VLANs 150 200 200 300 400 500
High-availability support6 A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S
Integrated I/O 4-port 10/100/1000 and 1-port FE 8-port 10/100/1000 4-port 10/100/1000 + 1-port FE 8-port 10/100/1000 8-port 10/100/1000 + 1-port FE 8-port 10/100/1000
Expansion I/O 4-port 10/100/1000 or 4-port GE (SFP) 6-port 10/100/1000 or 6-port GE (SFP) 4-port 10/100/1000 or 4-port GE (SFP) 6-port 10/100/1000 or 6-port GE (SFP) None 6-port 10/100/1000 or 6-port GE (SFP)
Dual Power Supplies Not available Not available Not available Not available Not available Yes
Power AC/DC AC/DC AC/DC AC/DC AC/DC AC/DC

 


 

Cisco ASA Model ASA 5585-X with SSP10 ASA 5585-X with SSP20 ASA 5585-X with SSP40 ASA 5585-X with SSP60 ASA Services Module
5585 5585 5585 5585 Module
Stateful Inspection throughput (max1) 4 Gbps 10 Gbps 20 Gbps 40 Gbps 20 Gbps
Stateful Inspection throughput (multiprotocol2) 2 Gbps 5 Gbps 10 Gbps 20 Gbps 16 Gbps
Next-Generation throughput3 (multiprotocol) 2 Gbps
(with ASA CX SSP-10)
5 Gbps
(with ASA CX SSP-20)
Not available Not available Not available
IPS throughput4 (multiprotocol) 2 Gbps
(with IPS SSP-10)
3 Gbps
(with IPS SSP-20)
5 Gbps
(with IPS SSP-40)
10 Gbps
(with IPS SSP-60)
Not available
Concurrent sessions 1,000,000 2,000,000 4,000,000 10,000,000 10,000,000
Connections per second 50,000 125,000 200,000 350,000 300,000
Packets per second (64 byte) 1,500,000 3,000,000 5,000,000 9,000,000 5,000,000
3DES/AES VPN throughput5 1 Gbps 2 Gbps 3 Gbps 5 Gbps 2 Gbps
Site-to-site and IPsec IKEv1 client VPN user sessions 5,000 10,000 10,000 10,000 10,000
AnyConnect or clientless VPN user sessions 5,000 10,000 10,000 10,000 10,000
Cisco Cloud Web Security users 7,500 7,500 7,500 7,500 7,500
Integtrated I/O 8-port 10/100/1000 and 2-port 10 GE (SFP+)6 8-port 10/100/1000 and 2-port 10 GE (SFP+)6 6-port 10/100/1000 and 4-port 10 GE (SFP+) 6-port 10/100/1000 and 4-port 10 GE (SFP+) Provided by the switch or router
Expansion I/O7 8-port 10 GE(SFP/SFP+) or
4-port 10 GE(SFP/SFP+) or
20-port 1 GE (12-port 1 GE SFP and 8-port 10/100/100)
Provided by the switch or router
Dual power supplies Yes Yes Yes Yes Yes. Provided by the switch or router
VLANs 1,024 1,024 1,024 1,024 1,000
High-availability support8 1,024 1,024 1,024 1,024 1,000
Power AC AC AC AC AC/DC provided by the switch or router

1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4 Firewall traffic that does not go through IPS SSP module can have higher throughput.
5 VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning.
6 Requires a separate license
7 Half-width modules
8 A/A = Active/Active; A/S = Active/Standby

This data was pulled from the following Cisco Article


0 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close Bitnami banner
Bitnami
Close Bitnami banner
Bitnami