Cisco WS-C5509, ASA5520-BUN-K9 - ASA 5520 Appliance, ASA5550-BUN-K9 - ASA 5550 Firewall Edition Bundle, ASA 5510, ASA 5520 Hardware Installation Manual

...

Cisco ASA 5500 Series Hardware Installation Guide

For the ASA 5510, ASA 5520, ASA 5540, and ASA 5550

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Customer Order Number: 78-17989-01 Text Part Number: 78-17989-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following inform ation is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:

• Turn the television or radio antenna until the interference stops.

• Move the equipment to one side or the other of the television or radio.

• Move the equipment farther away from the television or radio.

• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Cisco ASA 5500 Series Hardware Installation Guide

CONTENTS

About This Guide v

Document Objectives v

Audience v

Document Organization v

Document Conventions vi

Installation Warnings vi

Where to Find Safety and Warning Information x

Obtaining Documentation and Submitting a Service Request 1-x

CHAPTER

1 Overview 1-1

Product Overview 1-2

Memory Requirements 1-5

2 Preparing for Installation 2-1

Overview 2-1

Installation Overview 2-1

Safety Recommendations 2-2

Maintaining Safety with Electricity 2-2 Preventing Electrostatic Discharge Damage 2-3

General Site Requirements 2-4

Site Environment 2-4 Preventive Site Configuration 2-4 Power Supply Considerations 2-4 Configuring Equipment Racks 2-6

3 Installing the Adaptive Security Appliance 3-1

Installing the Adaptive Security Appliance 3-1

Rack-Mounting the Chassis 3-2 Setting the Chassis on a Desktop 3-3 Connecting the Interface Cables 3-4

CHAPTER

4 Maintenance and Upgrade Procedures 4-1

Removing and Replacing the Chassis Cover 4-1

78-17989-01

Cisco ASA 5500 Series Hardware Installation Guide

Contents

Removing the Chassis Cover 4-1 Replacing the Chassis Cover 4-2

Working in an ESD Environment 4-3

Removing and Replacing a Lithium Battery in the SSM 4-4

Removing and Replacing the Power Supply 4-4

Removing the AC Power Supply 4-4 Replacing the AC Power Supply 4-6

Installing the DC Model 4-7

Removing and Replacing the CompactFlash 4-10

Removing the System CompactFlash 4-10 Replacing the System CompactFlash 4-11 Removing the User CompactFlash 4-12 Replacing the User CompactFlash 4-12

Installing and Replacing the 4GE SSM 4-13

Overview 4-13 Installing the 4GE SSM 4-14 Replacing the 4GE SSM 4-15 Installing and Removing the SFP Modules 4-15

SFP Module 4-16 Installing the SFP Module 4-17 Removing the SFP Module 4-18

APPENDIX

NDEX

Installing and Replacing the Intelligent SSM 4-19

Overview 4-20 Installing and Replacing the AIP/CSC SSM 4-21

Installing the AIP/CSC SSM 4-21 Replacing the AIP/CSC SSM 4-22

Upgrading Memory for the Cisco ASA 5510 4-22

Removing the DIMM 4-23 Installing the DIMM 4-25

4-26

1 Cable Pinouts 1-1

10/100/1000BaseT Connectors 1-1

Console Port (RJ-45) 1-2

RJ-45 to DB-9 1-4

MGMT 10/100/1000 Ethernet Port 1-4

Gigabit and Fibre Channel Ports 1-5

Cisco ASA 5500 Series Hardware Installation Guide

78-17989-01

About This Guide

This preface includes the following sections:

• Document Objectives, page 3

• Audience, page 3

• Document Organization, page 3

• Document Conventions, page 4

• Installation Warnings, page 4

• Obtaining Documentation and Submitting a Service Request, page 8

Document Objectives

This guide describes how to perform installation and maintenance procedures on the Cisco ASA 5500 Series Adaptive Security Appliances. The information in this guide applies to the following Cisco ASA 5500 Series Adaptive Security Appliance models: Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, and Cisco ASA 5550. In this guide, references to "Cisco ASA 5500 Series Adaptive Security Appliance" and "adaptive security appliance" apply to all models unless specifically noted otherwise.

Audience

This guide is for network administrators who perform any of the following tasks:

• Managing network security

• Installing and configuring firewalls

• Managing default and static routes, and TCP and UDP services

Document Organization

This guide includes the following chapters and appendices:

• Chapter 1, “Overview” describes the product and the memory requirements.

• Chapter 2, “Preparing for Installation,” describes the steps to follow before installing new hardware

or performing hardware upgrades.

78-17989-01

Cisco ASA 5500 Series Hardware Installation Guide

• Chapter 3, “Installing the Adaptive Security Appliance,”describes how to install the chassis on the

wall or rack and how to connect the interface cables on the adaptive security appliance.

• Chapter 4, “Maintenance and Upgrade Procedures,” describes how to remove and replace the chassis

cover, the lithium battery in the SSM, the power supply, the CompactFlash, and the SSMs.

• Appendix 1, “Cable Pinouts,” describes the cable pinouts.

Document Conventions

Command descriptions use these conventions:

• Braces ({ }) indicate a required choice.

• Square brackets ([ ]) indicate optional elements.

• Vertical bars (|) separate alternative, mutually exclusive elements.

• Boldface indicates commands and keywords that are entered literally as shown.

• Italics indicate arguments for which you supply values.

Examples use these conventions:

• Examples depict screen displays and the command line in screen font.

About This Guide

• Information you need to enter in examples is shown in boldface screen font.

• Variables for which you must supply a value are shown in

Graphical user interface examples uses these conventions:

• Boldface indicates buttons and menu items.

• Selecting a menu item (or pane) is indicated by the following convention:

Choose Start > Settings > Control Panel.

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the

manual.

Installation Warnings

Be sure to read the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document that accompanied this device before installing the chassis. This document contains important safety information. This section includes the following warnings:

• Power Supply Disconnection Warning, page 5

• Jewelry Removal Warning, page 5

• Wrist Strap Warning, page 5

italic screen

font.

• Work During Lightning Activity Warning, page 5

• Installation Instructions Warning, page 5

• Chassis Warning for Rack-Mounting and Servicing, page 6

• Short-Circuit Protection Warning, page 6

• SELV Circuit Warning, page 6

Cisco ASA 5500 Series Hardware Installation Guide

78-17989-01

About This Guide

• Ground Conductor Warning, page 6

• Blank Faceplates and Cover Panels Warning, page 6

• Product Disposal Warning, page 6

• Short-Circuit Protection Warning, page 7

• Compliance with Local and National Electrical Codes Warning, page 7

• DC Power Connection Warning, page 7

• AC Power Disconnection Warning, page 7

• TN Power Warning, page 7

• 48 VDC Power System, page 7

• Multiple Power Cord, page 7

• Circuit Breaker (15A) Warning, page 7

• Grounded Equipment Warning, page 8

• Safety Cover Requirement, page 8

• Faceplates and Cover Panel Requirement, page 8

Power Supply Disconnection Warning

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units; disconnect the power at the circuit breaker on DC units.

Jewelry Removal Warning

Warning

Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals.

Wrist Strap Warning

Warning

During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

Work During Lightning Activity Warning

Statement 12

Statement 43

Statement 94

Warning

Do not work on the system or connect or disconnect cables during periods of lightning activity.

Statement 1001

Installation Instructions Warning

Warning

78-17989-01

Read the installation instructions before connecting the system to the power source.

Statement 1004

Cisco ASA 5500 Series Hardware Installation Guide

Chassis Warning for Rack-Mounting and Servicing

About This Guide

Warning

To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:

rack.When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.

Short-Circuit Protection Warning

Warning

This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations.

SELV Circuit Warning

Warning

To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.

Ground Conductor Warning

This unit should be mounted at the bottom of the rack if it is the only unit in the

Statement 1006

Statement 1045

Statement 1021

Warning

This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.

Blank Faceplates and Cover Panels Warning

Warning

Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.

1029

Product Disposal Warning

Warning

Ultimate disposal of this product should be handled according to all national laws and regulations.

Statement 1040

Statement 1024

Statement

Cisco ASA 5500 Series Hardware Installation Guide

78-17989-01

About This Guide

Short-Circuit Protection Warning

Warning

This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations.

Compliance with Local and National Electrical Codes Warning

Warning

Installation of the equipment must comply with local and national electrical codes.

DC Power Connection Warning

Warning

After wiring the DC power supply, remove the tape from the circuit breaker switch handle and reinstate power by moving the handle of the circuit breaker to the ON position.

AC Power Disconnection Warning

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units.

Statement 246

TN Power Warning

Statement 1045

Statement 1074

Statement 8

Warning

The device is designed to work with TN power systems.

48 VDC Power System

Warning

The customer 48 volt power system must provide reinforced insulation between the primary AC power and the 48 VDC output.

Multiple Power Cord

Warning

This unit has more than one power cord. To reduce the risk of electric shock when servicing a unit, disconnect the power cord of the power strip that the unit is plugged into.

Circuit Breaker (15A) Warning

Warning

This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors).

Statement 19

Statement 128

Statement 137

Statement 13

78-17989-01

Cisco ASA 5500 Series Hardware Installation Guide

Grounded Equipment Warning

About This Guide

Warning

This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use.

Statement 39

Safety Cover Requirement

Warning

The safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazards.

Statement 117

Faceplates and Cover Panel Requirement

Warning

142

Where to Find Safety and Warning Information

For safety and warning information, see the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document that accompanied the product. This document describes the

international agency compliance and safety information for the Cisco ASA 5500 Series Adaptive Security Appliance. It also includes translations of the safety warnings.

Statement

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.

Cisco ASA 5500 Series Hardware Installation Guide

78-17989-01

CHA PTER

Overview

Read through the entire guide before beginning any of the procedures in this book.

Warning

Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5500

Note The illustrations in this chapter show the Cisco ASA 5540 adaptive security appliance. The

Only trained and qualified personnel should install, replace, or service this equipment.

Series and follow proper safety procedures when performing these steps.

This chapter describes the product and the memory requirements, and includes the following topics:

• Product Overview, page 1-2

• Memory Requirements, page 1-5

Cisco ASA 5510 and Cisco ASA 5520 adaptive security appliance look identical, containing the same back panel features and indicators. The Cisco ASA 5550 has a fixed configuration with an embedded 4GE slot as shown in Figure 1-3.

Statement 49

OL-10089-01

Cisco ASA 5500 Series Hardware Installation Guide

1-1

Product Overview

119638

POWER STATUS

FLASH

ACTIVE

VPN

CISCO ASA 5540

SERIES

Adaptive Security Appliance

119572

LINK SPD

LINK SPD2LINK SPD1LINK SPD

MGMT

USB2

USB1

FLASH

CONSOLE

AUX

POWER

STATUS

FLASH

8 10 12

VPN

ACTIVE

Product Overview

This section describes the front and rear panels. Figure 1-1 shows the front panel LEDs.

Figure 1-1 Front Panel LEDs

LED Color State Description

1 Power Green On The system has power. 2 Status Green Flashing The power-up diagnostics are running or the system is booting.

3 Active Green Flashing There is network activity. 4 VPN Green Solid VPN tunnel is established. 5 Flash Green Solid The CompactFlash is being accessed.

Chapter 1 Overview

Solid The system has passed power-up diagnostics.

Amber Solid The power-up diagnostics have failed.

Figure 1-2 shows the rear panel.

Figure 1-2 Rear Panel LEDs and Ports (AC Power Supply Model Shown)

1 Management port 2 External CompactFlash slot 7 Network interfaces 3 Serial Console port 8 Power indicator LED 13 AUX port 4 Power switch 9 Status indicator LED 14 Power connector 5 Power indicator LED 10 Active LED

1. The management 0/0 interface is a Fast Ethernet interface designed for management traffic only.

2. Not supported at this time.

3. GigabitEthernet interfaces, from right to left, GigabitEthernet 0/0, GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3.

Cisco ASA 5500 Series Hardware Installation Guide

1-2

6 USB 2.0 interfaces

11 VPN LED 12 Flash LED

OL-10089-01

Chapter 1 Overview

153642

LINK SPD2LINK SPD1LINK SPD

LINK SPD

MGMT

USB2

USB1

FLASH

CONSOLE

AUX

POWER

STATUS

FLASH

12 14 16

VPN

ACTIVE

LNK

SPD0123

2 3

Product Overview

4. The RJ-45 Auxiliary port (labeled AUX on the chassis) is reserved for internal use at Cisco. The port is not functional in shipping versions of the chassis; therefore, customers cannot connect to this port to run the adaptive security appliance CLI.

For more information about the Management port, see themanagement only command in the Cisco Security Appliance Command Reference.

The Cisco ASA 5550 has a fixed configuration with an embedded 4GE slot as shown in Figure 1-3.

Figure 1-3 Rear Panel LEDs and Ports for the Cisco ASA 5550

1 RJ-45 ports

9 USB 2.0 interfaces

2 RJ-45 Link LED 10 Management port

3 RJ-45 Speed LED 11 Network interfaces

17 AUX port

18 External CompactFlash slot

19 Serial Console port

4 Power LED 12 Power indicator LED 20 Power switch

5 Status LED 13 Status indicator LED 21 Power indicator LED

6 SFP ports

14 Active LED 22 Power connector

7 SFP Link LED 15 VPN LED

8 SFP Speed LED 16 Flash LED

1. GigabitEthernet ports, from right to left, GigabitEthernet 1/0, GigabitEthernet 1/1, GigabitEthernet 1/2, and GigabitEthernet 1/3

2. Not supported at this time.

3. The management 0/0 interface is a Fast Ethernet interface designed for management traffic only.

4. GigabitEthernet interfaces, from right to left, GigabitEthernet 0/0, GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3.

5. SFP ports, from right to left, GigabitEthernet 1/0, GigabitEthernet 1/1, GigabitEthernet 1/2, and GigabitEthernet 1/3

Table 1-1 describes the 4GE SSM LEDs.

Table 1-1 4GE SSM LEDs for the Cisco ASA 5550

LED Color State Description

2, 7 LINK Green Solid

There is an Ethernet link.

OL-10089-01

Flashing

There is Ethernet activity.

Cisco ASA 5500 Series Hardware Installation Guide

1-3

Product Overview

126917

USB2

USB1

LNK SPD

LNK SPD2LNK SPD1LNK SPD

MGMT

Table 1-1 4GE SSM LEDs (continued) for the Cisco ASA 5550

LED Color State Description

3, 8 SPEED Off

Green

10 MB

100 MB

There is no network activity.

There is network activity at 100 Mbps.

Chapter 1 Overview

Amber

1000 MB (GigE)

There is network activity at 1000 Mbps.

4 POWER Green On The system has power.

5 STATUS Green

Green

Amber

Flashing

Solid

The system is booting.

The system booted correctly.

The system diagnostics failed.

Figure 1-4 shows the adaptive security appliance rear panel LEDs.

Figure 1-4 Rear Panel Link and Speed Indicator LEDs

1 MGMT indicator LEDs 2 Network interface LEDs

1-4

Table 1-2 lists the rear MGMT and Network interface LEDs.

Table 1-2 Link and Speed LEDs

Indicator Color Description

Left side Solid green

Green flashing

Right side Not lit

Green

Amber

Note The Cisco ASA 5510 adaptive security appliance supports only 10/100BaseTX. The Cisco ASA 5520

Physical link

Network activity

10 Mbps

100 Mbps

1000 Mbps

and the Cisco ASA 5540 support 1000BaseT.

Cisco ASA 5500 Series Hardware Installation Guide

OL-10089-01

Chapter 1 Overview

Memory Requirements

Table 1-3 lists the CPU and the memory specifications for each model.

Table 1-3 CPU and Memory Specifications

ASA Model CPU Default DRAM Memory Default Internal Flash Memory

Cisco ASA 5510 1.6 GHz Celeron 256 MB 512MB

Cisco ASA 5520 2.0 GHz Celeron 512 MB 512MB

Cisco ASA 5540 2.0 GHz Pentium 4 1024 MB 512MB

Cisco ASA 5550 3.0 GHz Pentium 4 4096 MB 512MB

In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Note The two units do not have to have the same size Flash memory. If using units with different Flash

memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory will fail.

Memory Requirements

For more information, see the Cisco Security Appliance Command Line Configuration Guide.

Memory Requirements for Software Version 8.3 and Later

For information on memory requirements for the adaptive security appliance for software Version 8.3 or later, go to:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-58

6414.html

OL-10089-01

Cisco ASA 5500 Series Hardware Installation Guide

1-5

Memory Requirements

Chapter 1 Overview

Cisco ASA 5500 Series Hardware Installation Guide

1-6

OL-10089-01

Overview

CHA PTER

Preparing for Installation

The information in this guide applies to the following Cisco ASA 5500 series Adaptive Security Appliance models: Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, and Cisco ASA 5550. In this guide, references to “Cisco ASA 5500 series Adaptive Security Appliance” and “adaptive security appliance” apply to all models unless specifically noted otherwise.

This chapter describes the steps to follow before installing new hardware or performing hardware upgrades, and includes the following sections:

• Overview, page 2-1

• Installation Overview, page 2-1

• Safety Recommendations, page 2-2

• General Site Requirements, page 2-4

The adaptive security appliance delivers unprecedented levels of defense against threats to the network with deeper web inspection and flow-specific analysis, improved secure connectivity via end-point security posture validation, and voice and video over VPN support. It also provides enhanced support for intelligent information networks through improved network integration, resiliency, and scalability.

The adaptive security appliance software combines firewall, VPN concentrator, and intrusion prevention software functionality into one software image. Previously, these functions were available in three separate devices, each with its own software and hardware. Combining the functionality into just one software image provides significant improvements in the available features.

Additionally, the Cisco ASA 5500 series Adaptive Security Appliance software supports Adaptive Security Device Manager. ASDM is a browser-based, Java applet used to configure and monitor the software on the adaptive security appliances. ASDM is loaded from the adaptive adaptive security appliance, then used to configure, monitor, and manage the device.

Installation Overview

To prepare for the installation of the chassis, perform the following steps:

Step 1 Review the safety precautions outlined in the Regulatory Compliance and Safety Information for the

Cisco ASA 5500 Series document.

78-17989-01

Cisco ASA 5500 Series Hardware Installation Guide

2-1

Safety Recommendations

Step 2 Read the release notes for the respective software version.

Step 3 Unpack the chassis. An accessory kit ships with the chassis and includes the following items:

documentation, a product CD, a power cord (AC models only), two RJ-45 Ethernet cables, one RJ-45 to DB-9 console cable, a rack-mounting kit, and four self-adhesive feet (for desktop mounting).

Step 4 Place the chassis on a stable work surface.

Safety Recommendations

Use the following guidelines and the information in the following sections to help ensure your safety and protect the adaptive security appliance. The list of guidelines may not address all potentially hazardous situations in your working environment, so be alert and exercise good judgement at all times.

Note If you need to remove the chassis cover to install a hardware component, such as additional memory or

an interface card, doing so does not affect your Cisco warranty. Upgrading the adaptive security appliance does not require any special tools and does not create any radio frequency leaks.

Chapter 2 Preparing for Installation

The safety guidelines are as follows:

• Keep the chassis area clear and dust-free before, during and after installation.

• Keep tools away from walk areas where you and others could fall over them.

• Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains, that could get caught

in the chassis.

• Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.

• Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

• Never attempt to lift an object that is too heavy for one person to handle.

This section includes the following topics:

• Maintaining Safety with Electricity, page 2-2

• Preventing Electrostatic Discharge Damage, page 2-3

Maintaining Safety with Electricity

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units; disconnect the power at the circuit breaker on DC units.

Follow these guidelines when working on equipment powered by electricity:

• Before beginning procedures that require access to the interior of the chassis, locate the emergency

power-off switch for the room in which you are working. Then, if an electrical accident occurs, you can act quickly to turn off the power.

Statement 12

• Do not work alone if potentially hazardous conditions exist anywhere in your work space.

• Never assume that power is disconnected from a circuit; always check the circuit.

Cisco ASA 5500 Series Hardware Installation Guide

2-2

78-17989-01

Chapter 2 Preparing for Installation

• Look carefully for possible hazards in your work area, such as moist floors, ungrounded power

extension cables, frayed power cords, and missing safety grounds.

• If an electrical accident occurs, proceed as follows:

–

• Use the adaptive security appliance chassis within its marked electrical ratings and product usage

instructions.

• Install the adaptive security appliance in compliance with local and national electrical codes as listed

in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document.

• The adaptive security appliance models equipped with AC-input power supplies are shipped with a

3-wire electrical cord with a grounding-type plug that fits only a grounding-type power outlet. Do not circumvent this safety feature. Equipment grounding should comply with local and national electrical codes.

Safety Recommendations

Use caution; do not become a victim yourself.

Disconnect power from the system.

If possible, send another person to get medical aid. Otherwise, assess the condition of the victim and then call for help.

Determine if the person needs rescue breathing or external cardiac compressions; then take appropriate action.

• The adaptive security appliance models equipped with DC-input power supplies must be terminated

with the DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit breaker is required at the 48 VDC facility power source. An easily accessible disconnect device should be incorporated into the facility wiring. Be sure to connect the grounding wire conduit to a solid earth ground. We recommend that you use a closed loop ring to terminate the ground conductor at the ground stud. The DC return connection to this system is to remain isolated from the system frame and chassis.

Other DC power guidelines are listed in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document.

Preventing Electrostatic Discharge Damage

Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD damage occurs when electronic components are improperly handled and can result in complete or intermittent failures.

• Always follow ESD-prevention procedures when removing and replacing components. Ensure that

the chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the grounding clip to an unpainted surface of the chassis frame to safely ground ESD voltages. To properly guard against ESD damage and shocks, the wrist strap and cord must operate effectively. If no wrist strap is available, ground yourself by touching the metal part of the chassis.

• For safety, periodically check the resistance value of the antistatic strap, which should be between

1 and 10 megohms (Mohms).

78-17989-01

Cisco ASA 5500 Series Hardware Installation Guide

2-3

General Site Requirements

The topics in this section describe the requirements your site must meet for safe installation and operation of your system. Ensure that your site is properly prepared before beginning installation.

This section includes the following topics:

• Site Environment, page 2-4

• Preventive Site Configuration, page 2-4

• Power Supply Considerations, page 2-4

• Configuring Equipment Racks, page 2-6

Site Environment

Place the chassis on a desktop or mount it on a rack. The location of the chassis and the layout of the equipment rack or wiring room are extremely important for proper system operation. Equipment placed too close together, inadequate ventilation, and inaccessible panels can cause system malfunctions and shutdowns, and can make the chassis maintenance difficult.

Chapter 2 Preparing for Installation

For information on physical specifications, see table 7 at the following url:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900a ecd802930c5.html.

When planning the site layout and equipment locations, keep in mind the precautions described in the next section “Preventive Site Configuration, page 2-4,” to help avoid equipment failures and reduce the possibility of environmentally caused shutdowns. If you are currently experiencing shutdowns or unusually high error rates with your existing equipment, these precautions may help you isolate the cause of failures and prevent future problems.

Preventive Site Configuration

The following precautions will help plan an acceptable operating environment for the chassis and avoid environmentally caused equipment failures:

• Electrical equipment generates heat. Ambient air temperature might not be adequate to cool

equipment to acceptable operating temperatures without adequate circulation. Ensure that the room in which you operate your system has adequate air circulation.

• Always follow the ESD-prevention procedures described previously to avoid damage to equipment.

Damage from static discharge can cause immediate or intermittent equipment failure.

• Ensure that the chassis top panel is secure. The chassis is designed to allow cooling air to flow

effectively within it. An open chassis allows air leaks, which may interrupt and redirect the flow of cooling air from the internal components.

Power Supply Considerations

For information on power supply considerations including environmental operating ranges and power requirements, see table 7 at the following url:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900a ecd802930c5.html

Cisco ASA 5500 Series Hardware Installation Guide

2-4

78-17989-01

Chapter 2 Preparing for Installation

120356

120357

The following chassis models can have either an AC or DC power supply: Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, and Cisco ASA 5550.

Observe the following considerations:

• Check the power at the site before installing the chassis to ensure that the power is “clean” (free of

spikes and noise). Install a power conditioner if necessary, to ensure proper voltages and power levels in the source voltage.

• Install proper grounding for the site to avoid damage from lightning and power surges.

• In a chassis equipped with an AC-input power supply, use the following guidelines:

–

• In a chassis equipped with a DC-input power supply, use the following guidelines:

–

General Site Requirements

The chassis does not have a user-selectable operating range. Refer to the label on the chassis for the correct AC-input power requirement.

Several styles of AC-input power supply cords are available; make sure you have the correct style for your site.

Install an uninterruptible power source for your site, if possible.

Install proper site grounding facilities to guard against damage from lightning or power surges.

Each DC-input power supply requires dedicated 3-5 amp service.

–

For DC power cables, we recommend a minimum of 14 AWG wire cable.

–

The DC return connection to this system is to remain isolated from the system frame and chassis.

You will also need to provide power to the switch with the appropriate AC power cord for your location.

Table 2-1 lists the power cords that are used with the AC power supply.

Table 2-1 AC-Input Power Cord Options

Locale Part Number Length Plug Rating Plug Type

Appliance Coupler

300 W AC Power Supply

North America CAB-AC (72-0259) 8.2 ft (2.5 m) 125 VAC, 10 A

Australia, CAB-ACA

8.2 ft (2.5 m) 250 VAC, 10 A

(72-0746-01)

Europe (except Italy)

78-17989-01

CAB-ACE (72-0460) 8.2 ft (2.5 m) 250 VAC, 10 A

Cisco ASA 5500 Series Hardware Installation Guide

2-5

General Site Requirements

120358

120359

120356

251247

251248

Table 2-1 AC-Input Power Cord Options (continued)

Chapter 2 Preparing for Installation

Locale Part Number Length Plug Rating Plug Type

Italy CAB-ACI 72-0556 8.2 ft (2.5 m) 250 VAC, 10 A

Singapore

CAB-ACU 72-0557 8.2 ft (2.5 m) 250 VAC, 10 A

United Kingdom

Argentina CAB-ACR

(37-0995-01)

Switzerland CAB-ACS

(72-1483-01)

Japan CAB-JPN

(72-1925-01)

8.2 ft (2.5 m) 250 VAC, 10 A

India CAB-IND-10A

(37-0863-01)

South Africa AIR-PWR-CORD-SA

(37-0346-01)

Configuring Equipment Racks

For information on physical specifications, see table 7 at the following url:

Cisco ASA 5500 Series Hardware Installation Guide

2-6

8.2 ft (2.5 m) 250 VAC, 10 A

78-17989-01

+ 50 hidden pages

Cisco WS-C5509, ASA5520-BUN-K9 - ASA 5520 Appliance, ASA5550-BUN-K9 - ASA 5550 Firewall Edition Bundle, ASA 5510, ASA 5520 Hardware Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual