The Cisco® ASA 5500 Series VPN Edition enables organizations to gain the connectivity and cost benefits of Internet transport without compromising the integrity of corporate security policies. By converging IP Security (IPSec) and Secure Sockets Layer (SSL) VPN (Cisco WebVPN) services with comprehensive threat defense technologies, the Cisco ASA 5500 Series delivers highly customizable network access tailored to meet the requirements of diverse deployment environments while providing a fully secured VPN with complete endpoint and network-level security.
CHALLENGE
Securing the VPN is paramount to ensuring that that the VPN deployment does not become a conduit for network attacks such as worms, viruses, spyware, keyloggers, Trojans horses, rootkits or hacking. SSL VPN deployments enable universal access from both secure and non-corporate-managed endpoints, as well as the ability to extend network resources to diverse user communities. With this extension of the network, the points for potential network security attacks also increase. Furthermore, worms, viruses, application-embedded attacks, and application abuse are considered among the greatest security challenges in today's networks. Remote-access and remote-office VPN connectivity are common points of entry for such threats, due to how VPNs are designed today. All too often, VPNs are deployed without proper inspection and threat mitigation applied at the tunnel termination point at the headquarters location, thereby allowing malware from remote offices or users to infiltrate the network and spread.
SOLUTION
The Cisco ASA 5500 Series VPN Edition offers flexible VPN technologies for any connectivity scenario with scalability up to 5000 concurrent users. Providing easy-to-manage full-tunnel network access through both SSL VPN and IPSec VPN client technologies, advanced clientless SSL VPN capabilities, and network-aware site-to-site VPN connectivity, the VPN Edition enables businesses to create secure connections across public networks to mobile users, remote sites, contractors, and business partners. Furthermore, the VPN Edition reduces costs associated with VPN deployment and operations by eliminating ancillary equipment required to scale and secure the VPN deployment.
The Cisco ASA 5500 Series VPN Edition provides complete security for VPN deployments through its integrated network and endpoint security technologies. Additionally, detailed application and access control policy can be applied to VPN traffic, so individuals and groups of users have access to the applications, network services, and resources to which they are entitled. With the converged threat mitigation capabilities of the Cisco ASA 5500 Series, customers can detect malware and stop it before it enters the network interior and spreads. For application-embedded attacks, such as spyware or adware spread via file-sharing peer-to-peer networks, the Cisco ASA 5500 Series deeply examines application traffic to identify dangerous payload and drop its contents before it reaches its target and causes damage. Whether users are accessing the network from a corporate-managed PC, personal machine, or public terminal, the Cisco Secure Desktop helps ensure complete data protection before, during, and after the SSL session.
BUSINESS BENEFITS
Benefits of the Cisco ASA 5500 Series VPN Edition include:
– SSL- and IPSec-based full network remote access-Full network access provides network-layer remote-user connectivity to virtually any application or network resource. Connectivity is provided either through the dynamically downloaded Cisco SSL VPN Client for WebVPN or the Cisco IPSec VPN Client. Full network access is generally extended to managed desktops such as company-owned employee laptops. By supporting both SSL- and IPSec-based remote-access VPN technologies, the Cisco ASA 5500 Series delivers unsurpassed flexibility to meet the needs of the most diverse deployment scenarios.
– Superior clientless network access-Clientless remote access provides access to network applications and resources, regardless of location, without the need for desktop VPN client software. Using the ubiquity of SSL encryption available in Internet browsers, the Cisco ASA 5500 Series delivers clientless access to any Web-based application or resource, terminal services applications such as Citrix, and optimized Microsoft Outlook Web Access and Lotus iNotes, as well as access to common thick-client applications like e-mail, instant messaging, calendars, and Telnet. Furthermore, the superior content rewriting capabilities of the Cisco ASA 5500 Series help ensure reliable rendering of complex web pages with Java, Java Script, and Active X content.
– Network-aware site-to-site VPNs-Enables secure, high-speed communications between multiple office locations. With support for quality of service (QoS) and routing across the VPN, the Cisco ASA 5500 Series helps ensure reliable, business-quality delivery of latency-sensitive applications like voice, video, and terminal services.
– Threat-Protected VPN-VPNs are a primary source of malware infiltration into organizations' networks. The depth and breadth of intrusion prevention, antivirus, application-aware firewall, and VPN endpoint security capabilities in the Cisco ASA 5500 Series helps ensure that the VPN connection does not become a conduit for security threats.
– More cost-effective VPN deployment and operations-Scaling and securing VPNs often requires adjunct load balancing and security equipment, which increases both equipment and operational costs. The Cisco ASA 5500 Series integrates these functions, delivering an unprecedented level of network and security integration among the VPN products available today. And by offering both SSL and IPSec VPN on one platform, the Cisco ASA 5500 Series provides customers with cost-effective alternatives to deploying parallel VPN infrastructures.
– Scalability and resiliency-Supports up to 5000 simultaneous user sessions, with the ability to scale to ten of thousands through integrated clustering and load-balancing capabilities. Stateful failover features deliver high-availability services for unsurpassed uptime.
