Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1658
Views
0
Helpful
2
Replies

ASA5515-X VS 5516-X

shaun barrs
Level 1
Level 1

‎01-23-2017 11:02 AM - edited ‎03-12-2019 01:49 AM

Hi,

 

We currently have a pair of ASA5525-X's as our external facing FW's and are looking into now replacing our internal
FW's.  I am currently looking at the 5515-X, 5516-X & 5525-X, although I think the 5525-X maybe over kill for us and also costly.

We are looking at getting as close as possible to a Gig throughput  and will not be running any sort of IPS, Firepower or VPN services on these FW's.  We need as close as possible to a gig throughput so as not to cause a bottle neck with the ASA's. (5516-X should be ok with 900Mbs of Multiprotocol throughput)

From a quick look at the specifications of the ASA's the 5516-X looks to be on par if not better than the 5515-X apart from no expansion slot.

I would like to keep consistency to software downloads as much as possible so that if a software patch is released we only need to apply the one
patch to all FW's.  From what I have read the ASA5506-X, 5508-X & 5516-X are built on the same security platform as the 5515-X & 5525-X series, however I see that when you come to download software for the 5506-X,5508-X & 5516-X it's a different download to the 5515-X & 5525-X series, is this just down to the physical hardware of the ASA's as the software versions seems to be the same?

If anyone has any thoughts or experiences on why not to use the ASA5516-X over the 5515-X I would be grateful to hear of your experiences.

 

Thanks,

 

Shaun

Labels:
0 Helpful
2 Replies 2

Rahul Govindan
VIP Alumni
VIP Alumni

‎01-23-2017 01:54 PM

The image, although named differently, has the same functionality in an ASA5515 vs ASA5516. The difference is that the newer ASA models (5508,16 etc) support digitally signed images to enhance security. More on this can be read here:

http://www.cisco.com/c/en/us/about/security-center/intelligence/asa-integrity-assurance.html

Now as far as using the ASA5515 vs 5516, I have used both in customer environments and cannot tell one from another, except during the initial boot or upgrade phase. The ASA5516 has better performance compared to 5515 owing to the newer hw. But this helps as it sits right in between the ASA5515 and 5525 models in terms of throughput. If you can get around the difference in image names (versions remain the same), the 5516 is a good way to go.

0 Helpful

syeda3
Level 1
Level 1

‎01-27-2017 10:38 AM

Please see the below url for compatibility matrix for more detailed info.

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

Hope to help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card