At Interop 2005, Cisco unveiled their new all-in-one ASA 5500 series security appliance. The new 1U rack mount appliance integrates the best of the Cisco PIX firewall, VPN 3000 series concentrator, and Cisco IDS/IPS (intrusion detection and prevention) appliance in to a single box at approximately the same price as their enterprise PIX series of appliances (without the IDS/IPS option). You essentially get the VPN 3000 concentrator for free and the option to add the IDS/IPS module for inline intrusion prevention. At its current state, the new ASA 5500 is running identical PIX 7.x code but is one release behind on the VPN 3000 series code but Cisco representatives have promised to catch up to the latest VPN 3000 series code in the next couple of months.
Cisco has traditionally been a dominant player in the IPSEC VPN market, but was absent from the emerging SSL-VPN market. The VPN 3000 series and now the ASA 5500 series moves Cisco in to the SSL-VPN market at a very attractive entry price with no costly per-user licensing headaches. Remote users now have the option to connect using the full blown IPSEC client, a tiny SSL-VPN client that can support traditional TCP/IP applications, or a browser based JAVA/ActiveX client which gives users the best of all worlds.
With the introduction of the new PIX 7.x code for the PIX and ASA appliances, Cisco not only improved the manageability of their firewalls but also added virtualization. The PIX and ASA can become virtual firewalls that act as independent physically detached firewalls. In it's current stage, IPSEC VPN tunnels to the virtual firewalls are not supported but Cisco has promised to add this capability in future firmware releases. Virtual VPN concentrators are also not supported at this time, but will be added in the future.