Cisco ASA 5508-X and Cisco ASA 5516-X Overview

Of course, the new ASA 5508-X and ASA 5516-X are the members of Cisco ASA 5500-X series with FirePOWER Services. 

ASA-5506-16-X-Family

In the previous articles, we introduces many topics about the new ASA 5506-X/SecurityPlus, 5506W-X & 5506H-X, especially the ASA 5506-X firewall, such as new features, main model comparison, start guide, etc. So in this article, we will check some main hardware features of the Cisco ASA 5508-X and 5516-X, including package contents, network ports, console ports, power supply, hardware specs, etc.

The package contents for the ASA 5508-X and ASA 5516-X.

Note that the contents are subject to change, and your exact contents might contain additional or fewer items.

The package contents for the ASA 5508-X and ASA 5516-X

1 Chassis 2 Blue Console Cable PC Terminal Adapter
3 Power cord 4 4 10-32 Phillips screws for rack mounting
5 4 12-14 Phillips screws for rack mounting 6 4 M6 Phillip screws for rack mounting
7 4 M4 Phillips screws for rack mounting

The front panel of the ASA 5508-X. The ASA 5516 has an identical front panel.

The front panel of the ASA 5508-X

The rear panel of the Cisco ASA 5508-X and ASA 5516-X

The rear panel of the Cisco ASA 5508-X and ASA 5516-X

ASA 5508-X & ASA 5516-LED-Description

ASA 5508-X & ASA 5516-LED-Description

Status Lights

The status lights are located just off center on the front panel, and just to the left of the network ports on the rear panel, with the SSD light to the right of the Reset port.

LED Description
Power Power supply status:

  • Unlit – Power supply off.
  • Solid green – Power supply on.
Status System operating status:

  • Green – Normal system function.
  • Amber – Critical alarm indicating one or more of the following:
    • Major failure of a hardware or software component.
    • Over-temperature condition.
    • Power voltage outside the tolerance range.
Active Status of the failover pair:

  • Solid green – Failover pair operating normally.
  • Unlit – Failover is not operational.
SSD Solid-state drive (SSD) status:

  • Unlit – No SSD present.
  • Green – Activity on the drive.
Note    See replace the SSD in the ASA for information on replacing a failed SSD.
Network port status On the rear panel, a pair of LEDs (Link status and connection Status) for each of the eight Gigabit Ethernet network ports, and the Gigabit Ethernet Management port.Link status (L):

  • Unlit – No link, or port is not in use.
  • Solid green – Link established.
  • Flashing green – Link activity.

Connection-speed status (S):

  • One blink every three seconds – 10 Mbps.
  • Two rapid blinks – 100 Mbps.
  • Three rapid blinks – 1000 Mbps.

Network Ports: Looking at the rear of the ASA, where the ports are located, port 1 is on the left, and port 8 is on the right, next to the console and management ports. Each port is accompanied by a pair of LEDs, one each for link status (L) and connection status (S). The ports are named and numbered Gigabit Ethernet 1/1 through Gigabit Ethernet 1/8.

Console Ports: The ASA has two external console ports, a standard RJ-45 port and a Mini USB Type B serial port. Only one console port can be active at a time. When a cable is plugged into the USB console port, the RJ-45 port becomes inactive. Conversely, when the USB cable is removed from the USB port, the RJ-45 port becomes active. The console ports do not have any hardware flow control. You can use the command-line interface (CLI) to configure your ASA through either serial console port by using a terminal server or a terminal emulation program on a computer.

RJ-45 Port : The RJ-45 (8P8C) port supports RS-232 signalling to an internal UART controller. The RJ-45 console port does not support a remote dial-in modem. You can use a standard management cable (Cisco part number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.

Mini USB Type B Port: The Mini USB Type B port lets you connect to a USB port on an external computer. For Linux and Macintosh systems, no special driver is required. For Windows systems, you must download and install a USB driver (available on software.cisco.com). You can plug and unplug the USB cable from the console port without affecting Windows HyperTerminal operations. We recommend shielded USB cables with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bps.

Note: For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC connected to the console port before using the USB console port.

Internal and External Flash Storage: The ASA contains one internal USB flash drive, and a standard USB Type A port that you can use to attach an external device. The USB port can provide output power of 5 volts, up to a maximum of 500 mA (5 USB power units).

Internal USB Device : An embedded eUSB device is used as the internal flash; it is identified as disk0.

External USB Drive (Optional) : You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is disk1. When the ASA is powered on, a connected USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system commands that are available to disk0 are also available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.

If you insert a USB drive with more than one partition, only the first partition is mounted.

FAT-32 File System : The ASA only supports FAT-32-formatted file systems for the internal eUSB and external USB drives. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the command format disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might be lost.

Solid State Drive: The ASA 5508-X and 5516-X ship with an SSD installed that provides storage support. The SSD in the ASA 5508-X has 80 GB of usable space and is field-replaceable. The SSD in the ASA 5516-X has 1000 GB of usable space and is also field replaceable.

Power Supply: The ASA 5508-X and ASA 5516-X ship with an internal AC power supply that provides 60 W. 

Hardware Specifications

The following table contains hardware specifications for the ASA 5508-X and the ASA 5516-X.

hardware specifications for the ASA 5508-X and the ASA 5516-X

More…Compare Models: ASA 5508-X vs. ASA 5516-X

Cisco ASA Model ASA 5508-X ASA 5516-X
Stateful inspection throughput (max1) 1 Gbps 1.8 Gbps
Stateful inspection throughput (multiprotocol2) 500 Mbps 900 Mbps
Maximum application visibility and control (AVC) throughput 450 Mbps 850 Mbps
Maximum AVC and NGIPS throughput 250 Mbps 600 Mbps
Maximum concurrent sessions 100,000 250,000
Maximum new connections per second 10,000 20,000
Application control (AVC) or NGIPS sizing throughput [440 byte HTTP]3 200 Mbps 500 Mbps
Packets per second (64 byte) 694,000 750,000
Maximum 3DES/AES VPN throughput4 175 Mbps 250 Mbps
Maximum site-to-site and IPsec IKEv1 client VPN user sessions4 100 300
Maximum Cisco AnyConnect IKEv2 remote access VPN or clientless VPN user sessions5 100 300
Cisco Cloud Web Security users 565 2,000
VLANs 50 100
High-availability support6 A/A and A/S A/A and A/S
Integrated I/O 8 x 1 GE 8 x 1 GE
Expansion I/O Not available Not available
Dual power supplies Not available Not available
Power AC only AC only

1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols or applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Activating more features will change performance.
4 VPN throughput and maximum sessions depend on the ASA device configuration and VPN traffic patterns, including average packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the maximum possible IPsec throughput. The maximum number of users may be limited by your throughput requirements.
5 Requires AnyConnect Plus or Apex license. An Apex license is required for clientless VPN. See the AnyConnect Ordering Guide for details. The maximum number of users may be limited by your throughput requirements.

Reference from  cisco.com