Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform, version 8.4(4.1) (Previously Cisco ASA 5500 Series Security Appliance)
|Product type: Network and Network Related Devices and Systems|
Product Status: Completed
Assurance Level: EAL4+
Certification Country: AUSTRALIA/NEW ZEALAND (2012)
Product Website: http://www.cisco.com
The Target of Evaluation (TOE) was the Cisco Adaptive Security Appliances
(ASA) Firewall and Virtual Private Network (VPN) Platform, version 8.4(4.1). The evaluated configurations include any one or more of the following hardware: Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20, 5580-40, 5585-S10, 5585-S20, 5585-S40, and 5585-S60, running Cisco ASA Release 8.4(4.1) administered via SSHv2, console and/or and Cisco Adaptive Security Device Manager (ASDM) 6.4(9), with VPN client remote access using any one of Cisco AnyConnect Release 3.0.08057, or Cisco VPN Client Releases 5.0.07.0410 or 5.0.07.0440.
The ASA is a purpose-built security platform that combines application-aware firewall and VPN services for small and medium-sized business (SMB) and enterprise application. For firewall services, the ASA 5500 Series provides application-aware stateful packet filtering with deep packet inspection for many network protocols. For VPN Services, the ASA 5500 Series provides a complete remote-access VPN solution that supports numerous connectivity options, including Cisco VPN Client for IP Security (IPSec), Cisco Clientless SSL VPN, network-aware site-to-site VPN connectivity, and Cisco AnyConnect VPN client. IPSec provides confidentiality, authenticity, and integrity for IP data transmitted between trusted (private) networks over untrusted (public) links or networks. For management purposes, the ASDM is included to allow the ASA to be managed via a graphical user interface (GUI).
Evaluated configurations can support single or multiple contexts, routed or transparent mode, and support interoperability with Cisco or non-Cisco components including: peer-to-peer VPN gateways over IPsec; clientless SSL VPN over TLS; syslog servers over TLS; AAA servers using RADIUS and/or TACACS+; peer Certificate Authorities using OCSP; and time servers supporting NTPv3. With or without use of AAA servers, the ASA supports enhanced password management, and account management options for VPN and administrative accounts in the local user database, and ability to audit all administrative actions.