5-3
Cisco PIX Security Appliance Series
Chapter5 VPN and Security Products
When to Sell
Key Features
•Security—Purpose-built appliance with a proprietary, hardened operating system
•Performance—Stateful inspection firewall capable of up to 500,000 concurrent
connections and 1.7 Gbps of throughput (at 1400-byte packets on Cisco PIX 535
Security Appliances)
•High availability—Award-winning, active/standby firewall stateful failover
provides enterprise-class, cost-effective resiliency
•Virtual Private Networking (VPN)—Supports both standards-based IPsec and
L2TP/PPTP-based VPN services
•Optional PIX VPN Accelerator Card+—Scales 3DES/AES-256 VPN throughput
up to 495 Mbps, using specialized co-processors designed for accelerating
cryptographic operations
•Free software Cisco VPN Client provides secure connectivity across a broad range
of platforms including Windows, Mac OS X, Linux and Solaris
•Network Address Translation (NAT) and Port Address Translation
(PAT)—Conceals internal IP addresses and expands network address space
•Denial-of-Service (DoS) Attack Protection—Protects the firewall, internal servers
and clients from disruptive hacking attempts
•OSPF dynamic routing support for improved network reliability and performance
Sell This Product When a Customer Needs These Features
PIX 501 • Small Office / Home Office desktop integrated security appliance
• Up to 60 Mbps of firewall throughput
• Up to 3 Mbps of 3DES and 3.4 Mbps of AES-256 IPsec VPN throughput1
• Hardware VPN client (Easy VPN Remote)
• VPN concentrator services (Easy VPN Server) for up to 10 remote users
• Integrated four port 10/100 Mbps switch
1. At 1400-byte packets
PIX 506E • Remote Office / Branch Office desktop integrated security appliance
• Up to 100 Mbps of firewall throughput
• Up to 16 Mbps of 3DES and 30 Mbps of AES-256 IPsec VPN throughput1
• Hardware VPN client (Easy VPN Remote)
• VPN concentrator services (Easy VPN Server) for up to 25 remote users
• Maximum of two 10BASE-T Ethernet interfaces
• OSPF dynamic routing support
PIX 515E • Small-to-Medium Business (SMB) integrated security appliance
• Up to 188 Mbps of firewall throughput1
• Up to 130 Mbps of 3DES/AES-256 VPN throughput1 using hardware acceleration (integrated in select
models, optional for others)
• VPN concentrator services (Easy VPN Server) for up to 2,000 remote users
• Up to six 10/100 FE interfaces
• VLAN trunking (802.1q tag-based) and OSPF dynamic routing support
• Active/standby firewall stateful failover support
PIX 525 • Enterprise-class integrated security appliance
• Up to 330 Mbps of firewall throughput1
• Up to 145 Mbps of 3DES and 135 Mbps of AES-256 VPN throughput1 using hardware acceleration
(integrated in select models, optional for others)
• VPN concentrator services (Easy VPN Server) for up to 2,000 remote users
• Gigabit Ethernet support; Up to eight 10/100 FE or three Gigabit Ethernet interfaces
• VLAN trunking (802.1q tag-based) and OSPF dynamic routing support
• Active/standby firewall stateful failover support
PIX 535 • Carrier class large enterprise and service provider firewall appliance
• Up to 1.7 Gbps of firewall throughput1
• Up to 425 Mbps of 3DES/AES-256 VPN throughput using hardware acceleration (integrated in select
models, optional for others)
• VPN concentrator services (Easy VPN Server) for up to 2,000 remote users
• Gigabit Ethernet throughput; Up to ten 10/100 FE or nine Gigabit Ethernet interfaces
• VLAN trunking (802.1q tag-based) and OSPF dynamic routing support
• Redundant, hot-swappable power supplies
• Active/standby firewall stateful failover support