Data Sheet

Cisco ASA 5585-X Stateful Firewall

Today’s enterprise networks struggle to keep up with a mobile workforce. Users
expect on-demand access from their many devices, even as applications multiply and
push performance levels. And of course security remains a priority. How do you scale
and still preserve the integrity of the network? Start with the Cisco® ASA 5585-X
Firewall, a compact yet high-density firewall that delivers tremendous scalability,
performance, and security in a two-rack-unit (2RU) footprint.

Using a single firewall blade, the Cisco ASA 5585-X meets the growing needs of dynamic organizations by
providing eight times the performance density, very high VPN session counts, twice as many connections per
second, and four times the connection capacity of any competitive firewall.

Firewall Features
Support for Layer 3 and Layer 4 stateful firewall inspection features, including access control and network address
translation, enables organizations to keep existing stateful inspection policies that are essential for compliance
regulations and securing critical data center resources.

In addition to comprehensive stateful inspection capabilities, Layer 7 next-generation policies act intelligently on
contextual information. Cisco AnyConnect® technology provides information on the type and location, and endpoint
posture of a mobile device before it accesses the network, so that administrators can maintain high levels of
network visibility, protection and control. Threat intelligence feeds from Cisco Collective Security Intelligence (CSI)
use the global footprint of Cisco security deployments to analyze approximately one-third of the world’s Internet
traffic for near-real-time protection from new and emerging threats.

Flexible Deployment Options

The Cisco ASA 5585-X supports two hardware blades in a single 2RU chassis. The bottom slot (slot 0) hosts the
ASA stateful inspection firewall module, while the top slot (slot 1) can be used for adding up to two Cisco ASA
5585-X I/O modules for high interface density for mission-critical data centers that require exceptional flexibility and
security.

Clustering
Using Cisco ASA Software Release 9.0 and later, customers can combine up to 16 Cisco ASA 5585-X firewall
modules in a single cluster for up to 640 Gbps of throughput, 2 million connections per second, and more than 100
million concurrent connections. This “pay as you grow” model enables organizations to purchase what they need
today and dynamically add more when their performance needs grow. To protect high-performance data centers
from internal and external threats, the cluster can be augmented by adding IPS modules.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 8
 Cisco ASA software clustering delivers a consistent scaling factor, irrespective of the number of units in the cluster,
for a linear and predictable increase in performance. Complexity is reduced, as no changes are required to existing
Layer 2 and Layer 3 networks. Support for data center designs based on the Cisco Catalyst® 6500 Series Virtual
Switching System (VSS) and the Cisco Nexus virtual PortChannel (vPC) as well as the Link Aggregation Control
Protocol (LACP) provides high availability (HA) with better network integration.

For operational efficiency, Cisco ASA clusters are easy to manage and troubleshoot as a single entity. Policies
pushed to the master node are replicated across all the units within the cluster. The health, performance, and
capacity statistics of the entire cluster, as well as individual units within the cluster, can be assessed from a single
management console. Hitless software upgrades are supported for ease of device updates.

Clustering supports HA in both active/active and active/passive modes. All units in the cluster actively pass traffic,
and all connection information is replicated to at least one other unit in the cluster to support N+1 HA. In addition,
single and multiple contexts are supported, along with routed and transparent modes. A single configuration is
maintained across all units in the cluster using automatic configuration sync. Clusterwide statistics are provided to
track resource usage.

Cisco TrustSec Integration

Using Cisco ASA Software Release 9.0 and later, the Cisco ASA 5585-X provides context awareness through the
integration of identity-based firewall security and Cisco TrustSec® security group tags for enhanced visibility and
control. Identity-based firewall security provides more flexible access control to enforce policies based on user and
group identities and the point of access. Administrators can write policies that correspond to business rules, a
process that increases security, enhances ease of use, and requires fewer policies to manage. Similarly, Cisco
TrustSec integration enables security group tags to be embedded into the network, providing administrators with
the ability to develop and enforce better, more precise policies.

Cut Costs While Improving Performance and Security

The Cisco ASA 5585-X Next-Generation Firewall delivers superior scalability, performance, and security to handle
high data volumes without sacrificing performance. Most firewalls require up to 16RUs and 5100 watts to scale to
the level of performance that the Cisco ASA 5585-X achieves with only 2RUs and 785 watts. This performance
helps enterprises meet the increasing demands for network connectivity without the need to invest in additional
data center space and incur the corresponding maintenance costs.

Based on tests conducted by Cisco, the Cisco ASA 5585-X significantly reduces initial procurement costs by 80
percent, power consumption costs by 85 percent, and rack space requirements by 88 percent in addition to
significant reductions in overall integration and management complexity and costs. In addition, you can install up to
two firewall modules in a single Cisco ASA 5585-X chassis, providing scalability to 80 Gbps.

Table 1 gives the capabilities of the four Cisco ASA 5585-X models.

Table 1. Cisco ASA 5585-X Next-Generation Firewall Capabilities and Capacities

Feature Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with
SSP-10 SSP-20 SSP-40 SSP-60

Typical use case Edge Edge Data center Data center

Users or nodes Unlimited Unlimited Unlimited Unlimited

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 8
 Feature Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with
SSP-10 SSP-20 SSP-40 SSP-60
Stateful inspection 4 Gbps 10 Gbps 20 Gbps 40 Gbps
firewall throughput
(maximum)1
Stateful inspection 2 Gbps 5 Gbps 10 Gbps 20 Gbps
firewall throughput
(multiprotocol)2
Concurrent firewall 1,000,000 2,000,000 4,000,000 10,000,000
connections
Firewall connections 50,000 125,000 200,000 350,000
per second
Packets (64 byte) per 1,500,000 3,000,000 5,000,000 9,000,000
second
Security contexts3 Up to 100 Up to 250 Up to 250 Up to 250
Authentication Active Directory agent, Active Directory agent, Active Directory agent, Active Directory agent,
LDAP, Kerberos, NTLM LDAP, Kerberos, NTLM LDAP, Kerberos, NTLM LDAP, Kerberos, NTLM
Maximum 3DES/AES 1 Gbps 2 Gbps 3 Gbps 5 Gbps
IPsec VPN throughput4

Maximum Site-to-Site Up to 5,000 Up to 10,000 Up to 10,000 Up to 10,000

and IPsec IKEv1 client
VPN Sessions4

Maximum Cisco Up to 5,000 Up to 10,000 Up to 10,000 Up to 10,000

AnyConnect or Clientless
5
VPN User Sessions

Interfaces 8-port 10/100/1000, 2-port 8-port 10/100/1000, 2-port 6-port 10/100/1000, 4-port 6-port 10/100/1000, 4-port
10 Gigabit Ethernet** (SFP+) 10 Gigabit Ethernet** (SFP+) 10 Gigabit Ethernet (SFP+) 10 Gigabit Ethernet (SFP+)
Maximum number of 16-port 10/100/1000, 4-port 16-port 10/100/1000, 4-port 12-port 10/100/1000,8-port 12-port 10/100/1000, 8-port
interfaces 10 Gigabit Ethernet** 10 Gigabit Ethernet** 10 Gigabit Ethernet (SFP+) 10 Gigabit Ethernet (SFP+)
(SFP+) (with 2 modules per (SFP+) (with 2 modules per (with 2 modules per (with 2 modules per
chassis) chassis) chassis) chassis)

Integrated network 2-port 10/100/1000 2-port 10/100/1000 2-port 10/100/1000 2-port 10/100/1000
management ports
Integrated network ports 8-port 10/100/1000, 2-port 8-port 10/100/1000, 2-port 6-port 10/100/1000, 4-port 6-port 10/100/1000, 4-port
10 Gigabit Ethernet*** 10 Gigabit Ethernet*** 10 Gigabit Ethernet (SFP+) 10 Gigabit Ethernet (SFP+)
(SFP+) (SFP+)
Maximum number of 16-port 10/100/1000, 4-port 16-port 10/100/1000, 4-port 12-port 10/100/1000,8-port 12-port 10/100/1000, 8-port
integrated network ports 10 Gigabit Ethernet*** SFP+ 10 Gigabit Ethernet*** SFP+ 10 Gigabit Ethernet SFP+ 10 Gigabit Ethernet SFP+
(with 2 modules per (with 2 modules per (with 2 modules per (with 2 modules per
chassis) chassis) chassis) chassis)
Interface card slots 2 2 2 2
Virtual interfaces 1024 1024 1024 1024
(VLANs)

1
Maximum throughput with UDP traffic measured under ideal test conditions.
2
“Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP,
IMAPv4, BitTorrent, and DNS.
3
Available for the firewall feature set.
4
VPN throughput and maximum peers depend on the ASA device configuration and VPN traffic patterns, including average
packet size. These elements should be taken into consideration as part of your capacity planning. Throughput represents the
maximum possible IPsec throughput. Maximum sessions may be further limited by your throughput requirements.
AnyConnect licenses required. See the AnyConnect Ordering Guide for details. Maximum sessions may be further limited by
your throughput requirements.
5
AnyConnect licenses required. See the AnyConnect Ordering Guide for details. Maximum sessions may be further limited by
your throughput requirements.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 8
 Feature Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with
SSP-10 SSP-20 SSP-40 SSP-60
Scalability VPN clustering and load VPN clustering and load VPN clustering and load VPN clustering and load
balancing balancing balancing balancing
High availability Active/active6 and Active/active6 and Active/active6 and Active/active6 and
Active/standby Active/standby Active/standby Active/standby
Redundant power Supported, second power Supported, second power Supported, second power Supported
supply optional supply optional supply optional
USB 2.0 ports 2 2 2 2
Serial ports 1 RJ-45, console and 1 RJ-45, console and 1 RJ-45, console and 1 RJ-45, console and
auxiliary auxiliary auxiliary auxiliary
Rack mountable Yes, rack mounts included Yes, rack mounts included Yes, rack mounts included Yes, rack mounts included
Memory 6 GB (SSP-10) 12 GB (with 12 GB (SSP-20) 24 GB 12 GB (SSP-40) 36 GB 24 GB (SSP-60) 72 GB
2 modules per chassis) (with 2 modules per (with 2 modules per (with 2 modules per
chassis) chassis) chassis)
Minimum system flash 2 GB (SSP-10) 2 GB (SSP-20) 2 GB (SSP-40) 2 GB (SSP-60)
4 GB (with 2 modules per 4 GB (with 2 modules per 4 GB (with 2 modules per 4 GB (with 2 modules per
chassis) chassis) chassis) chassis)
Operating temperature 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F
(0 to 40°C) (0 to 40°C) (0 to 40°C) (0 to 40°C)
Relative humidity 10 to 90 percent 10 to 90 percent 10 to 90 percent 10 to 90 percent
noncondensing noncondensing noncondensing noncondensing

Altitude Designed and tested for Designed and tested for Designed and tested for Designed and tested for
0 to 10,000 ft (3050 m) 0 to 10,000 ft (3050 m) 0 to 10,000 ft (3050 m) 0 to 10,000 ft (3050 m)
Noise 65 dBa max 65 dBa max 65 dBa max 65 dBa max

Temperature -40 to +158°F -40 to +158°F -40 to +158°F -40 to +158°F

(-40 to +70°C) (-40 to +70°C) (-40 to +70°C) (-40 to +70°C)
Relative humidity 5 to 95 percent 5 to 95 percent 5 to 95 percent 5 to 95 percent
noncondensing noncondensing noncondensing noncondensing
Altitude 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m)
Range line voltage 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC

Normal line voltage 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC
Maximum current 9A (100 VAC), 9A (100 VAC), 9A (100 VAC), 9A (100 VAC),
4.5A (200 VAC) 4.5A (200 VAC) 4.5A (200 VAC) 4.5A (200 VAC)

Frequency 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz
Steady state 320W (1 SSP only) 320W (1 SSP only) 320W (1 SSP only) 320W (1 SSP only)
670W (with 2 modules per 670W (with 2 modules per 670W (with 2 modules per 670W (with 2 modules per
chassis) chassis) chassis) chassis)
Maximum peak 370W (1 SSP only) 370W (1 SSP only) 370W (1 SSP only) 370W (1 SSP only)
770W (with 2 modules per 770W (with 2 modules per 770W (with 2 modules per 770W (with 2 modules per
chassis) chassis) chassis) chassis)
Maximum heat 3960 Btu/hr (100 VAC), 3960 Btu/hr (100 VAC), 3960 Btu/hr (100 VAC), 3960 Btu/hr (100 VAC),
dissipation 5450 Btu/hr (200 VAC) 5450 Btu/hr (200 VAC) 5450 Btu/hr (200 VAC) 5450 Btu/hr (200 VAC)
Form factor 2RU, 19-in. rack- 2RU, 19-in. rack- 2RU, 19-in. rack- 2RU, 19-in. rack-
mountable mountable mountable mountable
Dimensions (H x W x D) 3.47 x 19 x 26.5 in. 3.47 x 19 x 26.5 in. 3.47 x 19 x 26.5 in. 3.47 x 19 x 26.5 in.
(8.8x 48.3 x 67.3 cm) (8.8x 48.3 x 67.3 cm) (8.8x 48.3 x 67.3 cm) (8.8x 48.3 x 67.3 cm)
Weight 50 lb (22.7 kg) with 1 SSP 50 lb (22.7 kg) with 1 SSP 50 lb (22.7 kg) with 1 SSP 50 lb (22.7 kg) with 1 SSP
and single power supply and single power supply and single power supply and single power supply
62 lb (28.2 kg) with 2 62 lb (28.2 kg) with 2 62 lb (28.2 kg) with 2 62 lb (28.2 kg) with 2
modules per chassis and modules per chassis and modules per chassis and modules per chassis and
dual power supplies dual power supplies dual power supplies dual power supplies

6
Available for the firewall feature set.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 8
 Feature Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with Cisco ASA 5585-X with
SSP-10 SSP-20 SSP-40 SSP-60
Safety UL 60950-1, CAN/CSA- UL 60950-1, CAN/CSA- UL 60950-1, CAN/CSA- UL 60950-1, CAN/CSA-
C22.2 No. 60950-1 C22.2 No. 60950-1 C22.2 No. 60950-1 C22.2 No. 60950-1
EN 60950-1, IEC 60950-1, EN 60950-1, IEC 60950-1, EN 60950-1, IEC 60950-1, EN 60950-1, IEC 60950-1,
AS/NZS 60950-1GB4943 AS/NZS 60950-1GB4943 AS/NZS 60950-1GB4943 AS/NZS 60950-1GB4943
Electromagnetic 47CFR Part 15 (CFR 47) 47CFR Part 15 (CFR 47) 47CFR Part 15 (CFR 47) 47CFR Part 15 (CFR 47)
compatibility (EMC) Class A, AS/NZS CISPR22 Class A, AS/NZS CISPR22 Class A, AS/NZS CISPR22 Class A, AS/NZS CISPR22
Class A, CISPR2 2 Class Class A, CISPR2 2 Class Class A, CISPR2 2 Class Class A, CISPR2 2 Class
A, EN55022 Class A, A, EN55022 Class A, A, EN55022 Class A, A, EN55022 Class A,
ICES003 Class A, VCCI ICES003 Class A, VCCI ICES003 Class A, VCCI ICES003 Class A, VCCI
Class A EN61000-3-2, Class A EN61000-3-2, Class A EN61000-3-2, Class A EN61000-3-2,
EN61000-3-3, KN22 Class EN61000-3-3, KN22 Class EN61000-3-3, KN22 Class EN61000-3-3, KN22 Class
A, CNS13438 Class A, A, CNS13438 Class A, A, CNS13438 Class A, A, CNS13438 Class A,
EN50082-1, EN55024, EN50082-1, EN55024, EN50082-1, EN55024, EN50082-1, EN55024,
CISPR24, EN300386, KN CISPR24, EN300386, KN CISPR24, EN300386, KN CISPR24, EN300386, KN
61000-4 Series 61000-4 Series 61000-4 Series 61000-4 Series

Note: Performance numbers were tested and validated with Cisco ASA Software Release 8.4.

Weight 11.5 lb (5.2 kg)

Regulatory and Standards Compliance

Safety UL 60950-1, CAN/CSA-C22.2 No. 60950-1

EN 60950-1, IEC 60950-1, AS/NZS 60950-1
GB4943

Electromagnetic 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A,

Compatibility (EMC) CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A
EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A,
EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series

Cisco ASA 5585-X I/O Modules

Mission-critical data centers running Cisco ASA Software Release 8.4.4 and later can use the top slot of the Cisco
ASA 5585-X to add up to two Cisco ASA 5585-X I/O modules for exceptional flexibility and security. With two Cisco
ASA 5585-X I/O modules, a single Cisco ASA 5585-X can support up to twenty 10 Gigabit Ethernet ports or up to
fifty 1 Gigabit Ethernet ports. Using the Cisco ASA 5585-X Divider, the top slot is partitioned into two half-slots, with
each I/O module occupying one half-slot. When only one I/O module is installed, a half-slot blank cover is required
to cover the empty half-slot.

Table 2 describes each of the Cisco ASA 5585-X I/O modules in more detail.

Table 2. Cisco ASA 5585-X I/O Modules

Product Description Number of Ports Product Part Number

SFP/SFP+ Ports SFP Ports 10/100/1000BASE-T Ports

Configuration Options

Cisco ASA 5585-X 8-port 8 - - ASA5585-NM-8-10GE

10 Gigabit Ethernet
module

Cisco ASA 5585-X 4-port 4 - - ASA5585-NM-4-10GE

10 Gigabit Ethernet
module

Cisco ASA 5585-X 20-port - 12 8 ASA5585-NM-20-1GE

1 Gigabit Ethernet
module
Cisco ASA 5585-X slot - - - ASA5585-SEPTUM
divider
Cisco ASA 5585-X half- - - - ASA5585-BLANK-H
slot cover

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 8
 Product Description Number of Ports Product Part Number

SFP/SFP+ Ports SFP Ports 10/100/1000BASE-T Ports

Spares
Cisco ASA 5585-X 8-port 8 - - ASA5585-NM-8-10GE=
10 Gigabit Ethernet
module
Cisco ASA 5585-X 4-port 4 - - ASA5585-NM-4-10GE=
10 Gigabit Ethernet
module
Cisco ASA 5585-X 20-port - 12 8 ASA5585-NM-20-1GE=
1 Gigabit Ethernet
module
Cisco ASA 5585-X slot - - - ASA5585-SEPTUM=
divider
Cisco ASA 5585-X half- - - - ASA5585-BLANK-H=
slot cover

Table 3 lists the 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) and 1 Gigabit Ethernet SFPs
that are supported.

Table 3. Supported SFP and SFP+ Modules

Product Description Product Part Number

Supported SFP modules Cisco 1000 Base-SX SFP module, MMF, 850nm, DOM GLC-SX-MMD
Cisco 1000 Base-LX/LH SFP module, MMF/SMF, 1310nm, DOM GLC-LH-SMD
Cisco 1000BASE-T copper SFP GLC-T
Cisco 1000BASE-EX SFP module, SMF, 1550nm, DOM GLC-ZX-SMD
Cisco 1000BASE-ZX SFP module, SMF, 1310nm, DOM GLC-EX-SMD
Supported SFP+ modules 10G SR SFP+ modules SFP-10G-SR
10G LRM SFP+ module SFP-10G-LRM
10G LR SFP+ module SFP-10G-LR
10G ER SFP+ module SFP-10G-ER
10G BASE-CU SFP+ cable 1 meter, passive SFP-H10GB-CU1M
10G BASE-CU SFP+ cable 3 meter, passive SFP-H10GB-CU3M
10G BASE-CU SFP+ cable 5 meter, passive SFP-H10GB-CU5M
10G BASE-CU SFP+ cable 7 meter, active SFP-H10GB-ACU7M
10G BASE-CU SFP+ cable 10 meter, active SFP-H10GB-ACU10M

Optional DC Power Supplies

Service providers and data centers that require data-center-powered equipment can purchase Cisco ASA 5585-X
data center power supply modules with built-in fans. These power supplies deliver up to 1150 watts of data center
power for Cisco ASA 5585-X Next-Generation Firewalls. Two data center power supplies are required for each
Cisco ASA 5585-X chassis. The minimum software required is Cisco ASA Software Release 8.4.5.

Warranty Information
Find warranty information on Cisco.com at the Product Warranties page.

Ordering Information
Help customers understand all the components or parts they need to purchase in order to install and use the
product.

To place an order, visit the Cisco How to Buy homepage.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 8
 Table 4 lists part numbers for customer convenience.

Table 4. Ordering Information

Product Name Product Part Number

Cisco ASA 5585-X Firewall Edition Bundles
Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP ASA5585-S10-K8
interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license
Cisco ASA 5585-X Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP ASA5585-S10-K9
interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES
license
Cisco ASA 5585-X Security Plus Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit ASA5585-S10X-K9
Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN
peers, dual AC power, 3DES/AES license
Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP ASA5585-S20-K8
interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
DES license
Cisco ASA 5585-X Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP ASA5585-S20-K9
interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES
license
Cisco ASA 5585-X Security Plus Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit ASA5585-S20X-K9
Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN
peers, dual AC power, 3DES/AES license
Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet ASA5585-S40-K8
SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
DES license
Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet ASA5585-S40-K9
SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
3DES/AES license
Cisco ASA 5585-X Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet ASA5585-S40-2A-K9
SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
dual AC power, 3DES/AES license
Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet ASA5585-S60-2A-K8
SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
dual AC power, 3DES/AES license
Cisco ASA 5585-X Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet ASA5585-S60-2A-K9
SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers,
dual AC power, 3DES/AES license
Cisco ASA 5585-X SSL/IPsec VPN Edition Bundles
Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-10 Bundle includes 5000 IPsec VPN peers, 5000 Premium VPN ASA5585-S10-5K-K9
peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license
Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-20 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN ASA5585S20-10K-K9
peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license

Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-40 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN ASA5585S40-10K-K9
peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license
Cisco ASA 5585-X SSL/IPsec VPN Edition SSP-60 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN ASA5585S60-10K-K9
peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license
Cisco ASA 5585-X Security Services Processors
Cisco ASA 5585-X Security Services Processor-10 (SSP-10) ASA-SSP-10-K8=

Cisco ASA 5585-X Security Services Processor-20 (SSP-20) ASA-SSP-20-K8=

Cisco ASA 5585-X Security Services Processor-40 (SSP-40) ASA-SSP-40-K8=
Cisco ASA 5585-X Security Services Processor-60 (SSP-60) ASA-SSP-60-K8=
Cisco ASA 5585-X DC Power Supplies
Cisco ASA 5585 DC Power Supply (configurable option) ASA5585-DC-PWR
Cisco ASA 5585 DC Power Supply (spare) ASA5585-DC-PWR=
Cisco ASA 5585-X SSP40 DC Power bundle ASA5585- S40-2D-K9
Cisco ASA 5585-X SSP60 DC Power bundle ASA5585- S60-2D-K9

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 8
 To Download the Software
Visit the Cisco Software Center to download Cisco ASA Software.

Service and Support

Cisco services help you protect your network investment, improve network operations, and prepare your network
for new applications to extend network intelligence and the power of your business.

Included in the "Operate" phase of the service lifecycle are the Cisco Security IntelliShield® Alert Manager Service,
Cisco SMARTnet™ services, the Cisco SP Base, and Cisco Services for IPS. These services are suitable for
enterprise, commercial, and service provider customers.

Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability
alert service that allows organizations to easily access timely, accurate, and credible information about potential
vulnerabilities in their environment.

Cisco Services for IPS supports modules, platforms, and bundles of platforms and modules that feature Cisco IPS
capabilities. Cisco SMARTnet and Cisco SP Base support other products in this family.

For More Information

For more information, please visit the following links:

● Cisco ASA 5500-X Series Next-Generation Firewalls:

http://www.cisco.com/en/US/products/ps6120/index.html
● Cisco Cloud Web Security: http://www.cisco.com/en/US/products/ps11720/index.html
● Cisco TrustSec Solutions: http://www.cisco.com/en/US/netsol/ns1051/index.html
● Cisco AnyConnect: http://www.cisco.com/go/anyconnect
● Cisco AnyConnect Ordering Guide: http://www.cisco.com/c/en/us/products/security/anyconnect-secure-
mobility-client/sales-resources-listing.html
● Cisco Security Manager: http://www.cisco.com/en/US/products/ps6498/index.html
● Cisco Adaptive Security Device Manager: http://www.cisco.com/en/US/products/ps6121/index.html
● Cisco Security Services: http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html

Printed in USA C78-730903-04 06/17

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 8