Test1

From NesevoWiki
Jump to: navigation, search

Cisco PIX 515E Firewall

Cisco PIX 515E Firewall


The Cisco PIX 515E Firewall offers a multilayered defence for small-to-medium business and enterprise networks through rich security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security in a single device.

Small-to-medium business and enterprise networks benefit from the Cisco PIX 515E's additional layer of security via intelligent, application-aware security services that examine packet streams at Layers 4-7. Administrators can also easily create custom security policies for firewall traffic by using the flexible access control methods and the more than 100 predefined applications, services, and protocols that Cisco PIX Security Appliances provide.



Part Number Description
PIX-515E PIX 515E chassis only
PIX-515E-DC PIX 515E DC chassis only
PIX-515E-R-BUN PIX 515E restricted bundle (chassis, restricted software, 2 10/100 ports, 32 MB RAM)
PIX-515E-R-DMZ-BUN PIX 515E DMZ bundle (chassis, restricted software, 3 10/100 ports, 32 MB RAM)
PIX-515E-UR-BUN PIX 515E unrestricted bundle (chassis, unrestricted software, 2 10/100 Ports, 64 MB RAM, VAC or VAC+)
PIX-515E-UR-FE-BUN PIX 515E unrestricted 6-port FE bundle (chassis, unrestricted software, 6 10/100 Ports, 64 MB RAM, VAC or VAC+)
PIX-515E-FO-BUN PIX 515E failover bundle (chassis, failover software, 2 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-FO-FE-BUN PIX 515E failover 6-port FE bundle (chassis, failover software, 6 10/100 ports, VAC or VAC+)
PIX-515E-DC-R-BUN PIX 515E DC restricted bundle (chassis, restricted software, 2 10/100 ports, 32 MB RAM)
PIX-515E-DC-UR-BUN PIX 515E DC unrestricted bundle (chassis, unrestricted software, 2 10/100 ports, 64 MB RAM, VAC or VAC+)
PIX-515E-DC-FO-BUN PIX 515E DC failover bundle (chassis, failover software, 2 10/100 ports, 64 MB RAM, VAC or VAC+
PIX-515E-HW= PIX 515E rack mount kit, console cable, failover serial cable
PIX-FO= PIX failover serial cable
PIX-4FE Four-port 10/100 Fast Ethernet PCI expansion
PIX-1FE Single-port 10/100 Fast Ethernet PCI expansion card
PIX-VPN-ACCEL 3DES IPsec hardware VPN Accelerator Card (VAC)
PIX-VAC-PLUS 3DES/AES IPsec hardware VPN Accelerator Card+ (VAC+)
PIX-515-VPN-3DES 168-bit 3DES and up to 256-bit AES encryption software license
PIX-515-VPN-3DES= 168-bit 3DES and up to 256-bit AES encryption software license
PIX-VPN-DES 56-bit DES encryption software license
PIX-VPN-DES= 56-bit DES encryption software license
  1. Stateful inspection firewall with flexible access-control capabilities for over 100 predefined applications, services and protocols, with the ability to define custom applications and services
  2. VPN features including Internet Key Exchange (IKE), IP security (IPsec) and Cisco Easy VPN
  3. TACACS+ and RADIUS support, tight integration with Cisco Secure Access Control Server (ACS)
  4. DHCP server and DHCP Relay
  5. NAT/PAT support
  6. Virtual LAN (VLAN)-based virtual interfaces
  7. Open Shortest Path First (OSPF) dynamic routing
  8. Concurrent connections: 130,000
  9. Simultaneous VPN tunnels: 2000
  10. Cleartext throughput: 188 Mbps
  11. 168-bit 3DES IPsec VPN throughput: Up to 140 Mbps with VAC+ or 63 Mbps with VAC
  12. 128-bit AES IPsec VPN throughput: Up to 135 Mbps with VAC+
  13. 256-bit AES IPsec VPN throughput: Up to 140 Mbps with VAC+






EOL/EOS for the Cisco PIX 515E Security Appliance

Table 1. End-of-Life Milestones and Dates for the Cisco PIX 515E Security Appliance
Milestone Definition Date
End-of-Life Announcement Date The date the document that announces the end of sale and end of life of a product is distributed to the general public. January 28, 2008
End-of-Sale Date The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. July 28, 2008
Last Ship Date: HW The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. October 26, 2008
End of Routine Failure Analysis Date: HW The last-possible date a routine failure analysis may be performed to determine the cause of product failure or defect. July 28, 2009
End of New Service Attachment Date: HW For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. July 28, 2009
End of Service Contract Renewal Date: HW The last date to extend or renew a service contract for the product. October 23, 2012
Last Date of Support: HW The last date to receive service and support for the product. After this date, all support services for the product are unavailable, and the product becomes obsolete. July 27, 2013
HW = Hardware
OS SW = Operating System Software
App. SW = Application Software


Table 2. Product Part Numbers Affected by This Announcement

Feature Cisco PIX 515E Security Appliance Cisco ASA 5510 Adaptive Security Appliance
Maximum Firewall Throughput 190 Mbps 300 Mbps
Maximum 3DES/AES VPN Throughput 130 Mbps 170 Mbps
Maximum Connections 48,000 (R/DMZ)/130,000 (UR/FO) 50,000 (Base)/130,000 (Security Plus)
Connections per Second 4000 9000
Packets per Second (64-byte) 48 190
Maximum IPsec VPN Sessions 2000 250
Maximum SSL VPN Sessions Not Supported 250
Integrated Network Ports 2 Fast Ethernet (R)/3 Fast Ethernet (DMZ)/6 Fast Ethernet (UR-FE/FO-FE) 5 Fast Ethernet (Base)/2 Gigabit Ethernet + 3 Fast Ethernet (Security Plus)
Maximum Network Ports 3 Fast Ethernet (R/DMZ)/6 Fast Ethernet (UR/FO) 4 Gigabit Ethernet + 5 Fast Ethernet (Base)/6 Gigabit Ethernet + 3 Fast Ethernet (Security Plus)
VLANs 10 (R/DMZ)/25 (UR/FO) 50 (Base)/100 (Security Plus)
High Availability/Scalability Not Supported (R/DMZ)/Active/Standby (FO)/Active/Active and Active/Standby (UR/FO-AA) Not Supported (Base)/Active/Active, Active/Standby, and VPN Clustering/Load Balancing (Security Plus)
Expandability 1 Fast Ethernet (1FE), 4 Fast Ethernet (4FE-66), VPN Accelerator Plus (VAC PLUS) 4 Gigabit Ethernet (4GE SSM), IPS (AIP SSM), Content Security (CSC SSM)




Table 3. Product Comparisons

Feature Cisco PIX 515E Security Appliance Cisco ASA 5510 Adaptive Security Appliance
Maximum Firewall Throughput 190 Mbps 300 Mbps
Maximum 3DES/AES VPN Throughput 130 Mbps 170 Mbps
Maximum Connections 48,000 (R/DMZ)/130,000 (UR/FO) 50,000 (Base)/130,000 (Security Plus)
Connections per Second 4000 9000
Packets per Second (64-byte) 48 190
Maximum IPsec VPN Sessions 2000 250
Maximum SSL VPN Sessions Not Supported 250
Integrated Network Ports 2 Fast Ethernet (R)/3 Fast Ethernet (DMZ)/6 Fast Ethernet (UR-FE/FO-FE) 5 Fast Ethernet (Base)/2 Gigabit Ethernet + 3 Fast Ethernet (Security Plus)
Maximum Network Ports 3 Fast Ethernet (R/DMZ)/6 Fast Ethernet (UR/FO) 4 Gigabit Ethernet + 5 Fast Ethernet (Base)/6 Gigabit Ethernet + 3 Fast Ethernet (Security Plus)
VLANs 10 (R/DMZ)/25 (UR/FO) 50 (Base)/100 (Security Plus)
High Availability/Scalability Not Supported (R/DMZ)/Active/Standby (FO)/Active/Active and Active/Standby (UR/FO-AA) Not Supported (Base)/Active/Active, Active/Standby, and VPN Clustering/Load Balancing (Security Plus)

Editing End-of-sale for Cisco PIX 515 Firewall Platform

Part Number Description
PIX-515 PIX 515 Chassis only
PIX-515-DC PIX 515 DC Powered Firewall Appliance
PIX-515-FO-BUN PIX 515 FO Bundle (Chassis, failover SW, 2 FE ports)
PIX-515-R-BUN PIX 515 R Bundle (Chassis, restricted SW, 2 FE ports)
PIX-515-R-DMZ-BUN PIX 515 R DMZ Bundle (Chassis, restricted SW, 3 FE ports)
PIX-515-UR-BUN PIX 515 UR Bundle (Chassis, unrestricted SW, 2 FE ports)
PIX-515-DC-R-BUN PIX 515-R DC Bundle (Chassis, R software, two 10/100 ports)
PIX-515-DC-UR-BUN PIX 515-UR DC Bundle(Chassis, UR software, two 10/100 ports)


Product Substitution The recommended replacement product for the PIX 515 is the PIX 515E. This platform offers enhanced performance and integrated hardware-based IPSec acceleration (certain models) at a comparable price point. The PIX 515E uses a high-performance 433-MHz Intel Pentium Celeron processor, compared with the 200-MHz Intel Pentium MMX processor of the PIX 515-providing up to 36 percent improvement in firewall throughput. In addition, the PIX 515E sports the same low-profile 1-rack unit (RU) chassis. PIX 515E systems support the same type and quantity of interfaces that are supported on the Cisco PIX 515 Firewall.


EOS Product Replacement Product Replacement Product Description
PIX-515 PIX-515E PIX 515E chassis only
PIX-515-DC PIX-515E-DC PIX 515E DC power chassis only
PIX-515-FO-BUN PIX-515E-FO-BUN PIX 515E FO Bundle (chassis, failover software, and 2 Fast Ethernet ports)
PIX-515-R-BUN PIX-515E-R-BUN PIX 515E R Bundle (chassis, restricted software, and 2 Fast Ethernet ports)
PIX-515-R-DMZ-BUN PIX-515E-R-DMZ-BUN PIX 515E DMZ Bundle (chassis, restricted software, and 3 Fast Ethernet ports)
PIX-515-UR-BUN PIX-515E-UR-BUN PIX 515E UR Bundle (chassis, unrestricted software, 2 Fast Ethernet ports)
PIX-515-DC-R-BUN PIX-515E-DC-R-BUN PIX 515E DC Power R Bundle (chassis, restricted software, and 2 Fast Ethernet ports)


For more information about the Cisco PIX Firewall Series, visit:


Upgrade Path Cisco offers an aggressive upgrade path called the Technology Migration Program (TMP). This program enables Cisco customers to upgrade their existing Cisco or competitive network equipment. Contact your local Cisco sales representative or Cisco reseller for more information, or visit


Support Cisco will continue to provide support through the SMARTnet™ service program. Customers with SMARTnet service contracts are entitled to 24-hour phone support through the TAC and advance replacement of hardware. Cisco is committed to providing hardware support for this product for a period of five years after the end-of-sale date.

End-of-Sale Schedule End of Sale: May 24, 2002 (No longer available for purchase)

End of Software Support: May 24, 2005

End of Hardware Support: May 24, 2007 (hardware repairs or exchanges are no longer available)

If you have any questions regarding these changes, contact the Cisco TAC at tac@cisco.com.