Cisco ASA 5506W-X, ASA 5506H-X, ASA 5506-X Hardware Installation Manual
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware
Installation Guide
First Published: 2015-04-07
Last Modified: 2017-06-16
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: Online Only
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2015-2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
CHAPTER 2
Overview 1
About the ASA 5506-X, ASA 5506W-X, and ASA 5506H-X 1
Package Contents 4
Front Panel 5
Rear Panel 6
LEDs 8
Network Ports 11
Console Ports 11
Internal and External Flash Storage 12
Solid State Drive 12
Power Supply Modules 13
Hardware Specifications 13
Power Cord Specifications 14
Installation Preparation 23
Installation Warnings 23
Position the ASA 24
Mount and Deployment Preparation for the ASA 5506W-X 25
Safety Recommendations 25
Maintain Safety with Electricity 26
Prevent Electrostatic Discharge Damage 26
Site Environment 26
Site Considerations 27
Power Supply Considerations 27
Equipment Rack Configuration Considerations 27
CHAPTER 3
Mount and Connect 29
Desktop Mount the ASA 29
Online Only iii
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
Contents
Wall Mount the ASA 30
Rack Mount the ASA 32
Install the ASA 5506H-X in a DIN Rail 34
Connect Cables, Turn on Power, and Verify Connectivity 37
Connect to a Console Terminal or PC 39
Connect to the Console Port with Microsoft Windows 39
Connect to the Console Port with Mac OS X 42
Connect to the Console Port with Linux 43
CHAPTER 4
Maintenance and Upgrades 45
Connect the DC Adapter for the 5506H-X 45
Install the Adjustable Power Supply Retainer 47
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
iv Online Only
CHAPTER 1
Overview
This chapter describes the hardware features of the Cisco ASA 5506-X series of security appliances, and
contains the following sections:
About the ASA 5506-X, ASA 5506W-X, and ASA 5506H-X, page 1
•
Package Contents, page 4
•
Front Panel, page 5
•
Rear Panel, page 6
•
LEDs, page 8
•
Network Ports, page 11
•
Console Ports, page 11
•
Internal and External Flash Storage, page 12
•
Solid State Drive, page 12
•
Power Supply Modules, page 13
•
Hardware Specifications, page 13
•
Power Cord Specifications, page 14
•
About the ASA 5506-X, ASA 5506W-X, and ASA 5506H-X
The Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X adaptive security appliances are part of the ASA
5500-X of next-generation mid-range ASAs and are built on the same security platform as the rest of the ASA
family.
Note
Online Only 1
Your ASA 5506-X ships with either ASA or Firepower Threat Defense software preinstalled. To reimage
your device, see Reimage the Cisco ASA or Firepower Threat Defense Device.
This next-generation ASA delivers unprecedented levels of defense against threats to the network with deeper
web inspection and flow-specific analysis, improved secure connectivity via end-point security posture
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
About the ASA 5506-X, ASA 5506W-X, and ASA 5506H-X
validation, and voice and video over VPN support. It also provides enhanced support for intelligent information
networks through improved network integration, resiliency, and scalability.
This ASA is a smaller form-factor chassis, intended primarily for desktop or wall-mounting, although one or
two can be mounted in a single rack shelf. The ASA has a standard 1 RU chassis. See Cisco ASA 5500-X
Series Next-Generation Firewalls to compare the performance metrics and capabilities of the 5500-X ASAs.
Overview
Caution
Do not stack the ASA chassis on top of another ASA chassis. If you stack the units, they will overheat,
which causes the units to power cycle.
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
2 Online Only
Overview
About the ASA 5506-X, ASA 5506W-X, and ASA 5506H-X
ASA 5506W-X Wireless Features
The ASA 5506W-X supports two high-performing spatial stream rates over a deployable distance with
high reliability when serving clients. The ASA 5506W-X contains two simultaneous dual-band radios
(2.4-GHz and 5-GHz 802.11n MIMO radios) in a controller-based mode or autonomous mode. It has
integrated internal antennas that support full inter-operability with leading 802.11n clients. The radio
hardware supports Unified, FlexConnect, and Monitor-mode.
The ASA 5506W-X has the following processor features:
128 MB NAND flash size
•
1 MB NOR flash size
•
128 MB DDR2 memory bus, x32
•
The 2.4 GHz and 5 GHz 802.11n radios have the following features:
802.11n standard compliant
•
A-MPDU TX
•
HT Duplicate Mode
•
2TX x 2RX
•
2-spatial streams, 300 Mbps PHY rate
•
Maximal ratio combining (MRC)
•
Cyclic Shift Diversity (CSD)
•
MCS0-MCS15; Short or Long Guard Intervals
•
DFS for UNII-2 and UNII-2 Extended channels, including 0.5us radar pulse detection
•
The ASA 5506W-X is configured with four single-band, inverted-F antennas (two 2.4-GHz and two
5-GHz), which are evenly spaced inside the top of the chassis. Peak gains are approximately 3 dBi in
the 2.4-GHz band and 5 dBi in the 5-GHz band.
ASA 5506H-X Features
The ASA 5506H-X is a hardened version of the 5506-X with a ruggedized chassis, power supply, SSD,
and four ports instead of eight. It is ruggedized because it supports a much wider industrial operational
temperature range (-20C to 60C), meets the harsh EMI and environmental criteria for the IEC1613 and
IEC 61850-3 power substation standards, and meets IEC60529 IP40 for ingress protection.
The ASA 5506H-X ships with a ruggedized 5V-5.3V barrel power supply that provides 22 W. Or you
can order an optional DC power supply that supplies 24V DC (part number PWR2-20W-24VDC) or
20W 20-60V DC (part number PWR2-22W-20-60VDC).
Note
Before beginning any of the procedures described in this book, be sure to read the Regulatory Compliance
and Safety Information for the Cisco ASA 5506-X series and follow proper safety procedures.
Online Only 3
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
Package Contents
Package Contents
The following figure shows the package contents for the ASA 5506-X and ASA 5506W-X. Note that the
contents are subject to change and your exact contents might contain additional or fewer items.
Figure 1: ASA 5506-X and 5506W-X Package Contents
Overview
USB Console Cable (Type A to Type B)2Chassis1
Brick power supply4Power cord3
The following figure shows the package contents for the ASA 5506H-X. Note that the contents are subject
to change and your exact contents might contain additional or fewer items.
Figure 2: ASA 5506H-X Package Contents
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
4 Online Only
USB Console Cable (Type A to Type B)2Chassis1
Overview
Front Panel
Front Panel
Power cord4Power cord retention lock3
Power supply5
The following figure shows the front panel of the ASA 5506-X. The ASA 5506W-X has an identical front
panel. Note that there are no connectors or LEDs on the front panel.
Figure 3: 5506-X and 5506W-X Front Panel
The following figure shows the front panel of the ASA 5506H-X. Note that there are no connectors or LEDs
on the front panel.
Figure 4: 5506H-X Front Panel
Online Only 5
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
Rear Panel
Rear Panel
Overview
The following figure shows the rear panel of the ASA 5506-X. The 5506W-X has an identical rear panel.
Figure 5: ASA 55-6-X and 5506W-X Rear Panel
1
2Status LEDs
The locations and meanings of the status
LEDs are described in LEDs, on page
8.
Power cord socket
The chassis power-supply socket. See
Power Supply Modules, on page 13 for
more information about the chassis
power supply.
Note
The ASA is powered on when
you plug in the AC power
supply.
3
Network data ports
Eight Gigabit Ethernet RJ-45 (8P8C)
network I/O interfaces. The ports are
numbered (from left to right) 1, 2, 3, 4,
5, 6, 7, 8. Each port includes a pair of
LEDs, one each for connection status
4
Management port
A Gigabit Ethernet interface restricted
to network management access only.
Connect with an RJ-45 cable.
and link status. The ports are named and
numbered Gigabit Ethernet 1/1 through
Gigabit Ethernet 1/8. See Network
Ports, on page 11 for additional
information.
5
6Console ports
Two serial ports, a mini USB Type B,
and a standard RJ-45 (8P8C), are
provided for management access via an
external system. See Console Ports, on
page 11 for additional information.
USB port
A standard USB Type A port is
provided that allows the attachment of
an external device, such as mass storage.
See Internal and External Flash Storage,
on page 12 for additional information.
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
6 Online Only
Overview
Rear Panel
7
8Reset button
A small recessed button that if pressed
for longer than three seconds resets the
ASA to its default “as-shipped” state
Lock slot
The slot accepts a standard Kensington
T-bar locking mechanism for securing
the ASA.
following the next reboot. Configuration
variables are reset to factory default.
However, the flash is not erased and no
files are removed.
Note
You can use the service
sw-reset-button to disable the
reset button. The default is
enabled.
Note
Pressing the reset button on the
ASA 5506W-X does not affect
the AP configuration, but it
causes any unsaved AP
configuration to be lost,
because the system has
rebooted. After the system
reboots, if you want a default
AP configuration, use the
hw-module module wlan
recover configuration
command to recover the AP
configuration.
The following figure shows the rear panel of the 5506H-X.
Figure 6: ASA 5506H-X Rear Panel
Online Only 7
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
LEDs
Overview
1
2Power cord socket.
The chassis power-supply socket. See
Power Supply Modules, on page 13
for more information about the chassis
Status LEDs
The locations and meanings of the
status LEDs are described in LEDs, on
page 8.
power supply.
Note
The ASA is powered on when
you plug in the AC power
supply.
3
4Network data ports
Four Gigabit Ethernet RJ-45 (8P8C)
network I/O interfaces. The ports are
numbered (from top to bottom) 1, 2, 3,
Management port
A Gigabit Ethernet interface restricted
to network management access only.
Connect with an RJ-45 cable.
4,. Each port includes a pair of LEDs,
one each for connection status and link
status. The ports are named and
numbered Gigabit Ethernet 1/1 through
Gigabit Ethernet 1/4. See Network
Ports, on page 11 for additional
information.
5
6Console ports
Two serial ports, a standard RJ-45
(8P8C), and a mini USB Type B, are
provided for management access via
an external system. See Console Ports,
on page 11 for additional information.
USB port
A standard USB Type A port is
provided that allows the attachment of
an external device, such as mass
storage. See Internal and External Flash
Storage, on page 12 for additional
information.
LEDs
7
Reset button
A small recessed button that if pressed
for longer than three seconds resets the
ASA to its default “as-shipped” state
following the next reboot.
Configuration variables are reset to
factory default. However, the flash is
not erased and no files are removed.
Note
You can use the service
sw-reset-button to disable the
reset button. The default is
enabled.
Facing the rear of the ASA 5506-X and ASA 5506W-X chassis, the LEDs are located on the top left edge
(facing the front of the chassis, they are in the back right corner of the top). Facing the rear of the ASA
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
8 Online Only
Overview
LEDs
5506H-X, the LEDs are located on the bottom left of the chassis. The network port LEDs are at the top sides
of each network port. See Rear Panel, on page 6 for more information.
The following figure shows the LEDs on the top left edge.
Figure 7: LEDs
1
2Power
Power supply status:
• Unlit – Power
supply off.
• Solid green – Power
supply on.
Status
System operating status:
• Green – Normal
system function.
• Amber – Critical
alarm indicating one
or more of the
See Power Supply
Modules, on page 13 for
additional power
information specific to
your specific ASA.
following:
Major failure
•
of a hardware
or software
component.
Over-temperature
•
condition.
Power voltage
•
outside the
tolerance
range.
Online Only 9
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
LEDs
Overview
3
4Active
Status of the failover pair:
• Solid green –
Failover pair
operating normally.
The LED is green
always unless the
ASA in an HA pair.
• Amber – When the
ASA is in an HA
pair, the LED is
amber for the
Standby unit.
• Unlit – Failover is
not operational.
wLAN
Not in use on the ASA
5506-X or the ASA
5506-H.
Association status of the
wireless connection on
the ASA 5506W-X:
• Chirping green –
Normal operating
condition, but no
wireless client is
present.
• Green – Normal
operating condition,
at least one wireless
client is associated.
• Blinking amber –
Software upgrade in
progress.
Green, red, amber
•
sequence –
Discovery/join
process in progress.
• Blinking red –
Ethernet link not
operational.
• Unlit – Wireless is
not operational.
Network Port Status
On the rear panel of the ASA 5506-X and ASA 5506W-X, a pair of LEDs (link status and connection status)
for each of the eight Gigabit Ethernet network ports, and the Gigabit Ethernet management port.
On the rear panel of the ASA 5506H-X, a pair of LEDs (link status and connection status) for each of the four
Gigabit Ethernet network ports, and the Gigabit Ethernet Management port.
Link status (L):
• Unlit – No link, or port is not in use.
• Solid green – Link established.
• Flashing green – Link activity.
Connection-speed status (S):
• One blink every three seconds – 10 Mbps.
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
10 Online Only
Overview
• Two rapid blinks – 100 Mbps.
• Three rapid blinks – 1000 Mbps.
Network Ports
There are eight 10/100/1000 baseT Ethernet network ports on the ASA 5506-X and ASA 5506W-X. Each
RJ-45 (8P8C) copper port supports auto MDI/X as well as auto-negotiation for interface speed, duplex, and
other negotiated parameters, and are MDI/MDIX compliant.
In addition, the ASA 5506W-X has a Gigabit Ethernet 1/9 port that is internal and connects to the WLAN
module.
The ASA 5506H-X has four 10/100/1000 baseT Ethernet network ports. Each RJ-45 (8P8C) copper port
supports auto MDI/X as well as auto-negotiation for interface speed, duplex, and other negotiated parameters,
and are MDI/MDIX compliant.
Looking at the rear of the ASA 5506-X and ASA 5506W-X, where the ports are located, port 1 is on the left,
and port 8 is on the right, next to the console and management ports. Each port is accompanied by a pair of
LEDs, one each for link status (L) and connection status (S). The ports are named and numbered Gigabit
Ethernet 1/1 through Gigabit Ethernet 1/8. The ports are named and numbered Gigabit Ethernet 1/1 through
Gigabit Ethernet 1/4.
The four ports on the ASA 5506H-X are numbered differently. Looking at the rear of the ASA 5506H-X
where the ports are located, ports 1 and 3 are at the top from left to right. Ports 2 and 4 are on the bottom from
left to right. The ports are between the Status LEDs and the console and management ports. The ports are
named and numbered Gigabit Ethernet 1/1 through Gigabit Ethernet 1/4.
Network Ports
Console Ports
The ASA has two external console ports, a standard RJ-45 port and a Mini USB Type B serial port. Only one
console port can be active at a time. When a cable is plugged into the USB console port, the RJ-45 port
becomes inactive. Conversely, when the USB cable is removed from the USB port, the RJ-45 port becomes
active. The console ports do not have any hardware flow control. You can use the command-line interface
(CLI) to configure your ASA through either serial console port by using a terminal server or a terminal
emulation program on a computer.
In addition, the AP module inside the ASA 5506W-X has a console port, which is accessible by sessioning
to the module's console via the session wlan console command in the ASA CLI.
See Connect to a Console Terminal or PC, on page 39 for the procedure to install a console terminal.
RJ-45 Port
The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The RJ-45 console
port does not support a remote dial-in modem. You can use a standard management cable (Cisco part
number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.
Online Only 11
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
Internal and External Flash Storage
Mini USB Type B Port
The Mini USB Type B port lets you connect to a USB port on an external computer. For Linux and
Macintosh systems, no special driver is required. For Windows systems, you must download and install
a USB driver (available on software.cisco.com). You can plug and unplug the USB cable from the
console port without affecting Windows HyperTerminal operations. We recommend shielded USB
cables with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800,
9600, 19200, 38400, 57600, and 115200 bps.
Overview
Note
For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC
connected to the console port before using the USB console port. See Connect to the Console Port with
Microsoft Windows, on page 39 for information on installing the driver.
Internal and External Flash Storage
The ASA contains one internal USB flash drive, and a standard USB Type A port that you can use to attach
an external device. The USB port can provide output power of 5 volts, up to a maximum of 500 mA (5 USB
power units).
Internal USB Device
An embedded eUSB device is used as the internal flash; it is identified as disk0.
External USB Drive (Optional)
You can use the external Type A USB port to attach a data-storage device. The external USB drive
identifier is disk1. When the ASA is powered on, a connected USB drive is mounted as disk1 and is
available for you to use. Additionally, the file-system commands that are available to disk0 are also
available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.
If you insert a USB drive with more than one partition, only the first partition is mounted.
FAT-32 File System
The ASA only supports FAT-32-formatted file systems for the internal eUSB and external USB drives.
If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails,
and you receive an error message. You can enter the command format disk1: to format the partition
to FAT-32 and mount the partition to disk1 again; however, data might be lost.
Solid State Drive
The ASA 5506-X and ASA 5506W-X ship with an SSD installed that provides storage support. The SSD has
50 GB of useable space and is not field-replaceable. You must return the entire ASA to Cisco for drive
replacement. The SSD is used by the software; there is no user access to the SSD.
The ASA 5506H-X ships with a ruggedized SSD installed that provides storage support. The SSD is an
industrial-rated part so that it operates over the extended temperature range that the ASA 5506H-X supports.
Cisco ASA 5506-X, ASA 5506W-X, and ASA 5506H-X Hardware Installation Guide
12 Online Only
Loading...