Optional Firewall Components
Cisco offers five optional components for use with the PIX 515E, 525, or 535 models. These
components can increase the performance and functionality of the PIX Firewall. The five
optional components include the following:
■ VPN Accelerator Card (VAC)—The VAC is a card that fits into a PCI slot of the PIX
515E through 535 firewall appliances and increases VPN performance and security by
segregating the processing required for the VPN from all other traffic traversing the
firewall. The VAC supports both DES and 3DES encryption.
■ VPN Accelerator Card Plus (VAC+)—The VAC+ is an improved version of the VAC. It
also fits into a PCI slot of the PIX 515E through 535 appliances. The VAC+ supports
DES, 3DES, and the Advanced Encryption Standard (AES). The VAC+ requires PIX OS
version 6.3(1) or higher with a DES, 3DES/AES license.
■ Cisco PIX Firewall FastEthernet Interface Card (PIX-1FE)—The PIX-1FE is a 10/100
Ethernet interface on a 33-MHz PCI card. This enables you to increase the number of
interfaces on the 515E to 535 appliances.
■ Cisco PIX 64-bit/66-MHz Four-Port FastEthernet Interface Card (4FE-66)—The
4FE-66 interface card is a single PCI card that combines four 10/100 Ethernet interfaces.
This interface card works with the 515E, 525, and 535 firewall appliances and allows
you to install four 10/100 interfaces per PCI slot up to the maximum number of
interfaces per device model.
■ Cisco PIX Firewall 66-MHz Gigabit Ethernet Card (1GE-66)—The 1GE-66 Gigabit
interface fits into the PCI slot of the 525 and 535 firewall appliances. The 1GE-66 allows
for full-duplex gigabit (1000BASE-SX) performance, compliant with the IEEE 802.2 and
802.3z Ethernet standards.
Cisco offers additional security services for the ASA Security Appliances using a Service
Security Module (SSM). SSM adapters allow for an adaptable security architecture that
allows a business or enterprise to deploy custom security solutions where they need them.
Each SSM will enable new security inspection services and techniques that can be used by a
Cisco ASA Security Appliance. The ATM Interface Processor-SSM (AIP-SSM) is the only
SSM currently available. The AIP-SSM is a diskless module, based on a Pentium 4 processor,
that adds additional security services, such as Intrusion Prevention Systems (IPS)and Anti-X
protection. Two AIP-SSM modules currently are deployed by Cisco:
■ Cisco AIP-SSM-10—The AIP-SSM-10 fits into the SSM module port on the ASA Security
Appliance. The module enables Intrusion Prevention Services for the ASA models using
inline or promiscuous operational modes. The AIP-SSM-10 supports a 2.0-GHz Celeron
processor and 1.0 GB of RAM. An additional gigabit Ethernet management port is
included with the module.
■ Cisco AIP-SSM-20—The AIP-SSM-20 is an advanced version of the AIP-SSM-10. It
supports a 2.6-GHz Pentium 4 processor and 2.0 GB of RAM. The AIP-SSM-20 is only
supported by the ASA 5520 and ASA 5530 Security Appliances.