ITMall,Your IT Global Procurement Service Expert
FLSASR1-FWNAT-R
Brand Cisco
4.9Verified

FLSASR1-FWNAT-R

Model (MPN)
FLSASR1-FWNAT-R
Condition
Factory Sealed
Original Packaging (NIB)
Out of Stock

Volume & Framework Pricing

B2B Only
QuantityUnit PriceEst. Savings
1 Unit$272.20-
2 - 9 UnitsRequest Quote5 - 10%
10+ / ProjectFramework Match Tier-1 Access
Global Framework Support AvailableGet Global Discount

Key Specifications

License TypePerpetual RTU (Right-To-Use)
FunctionFirewall/NAT Stateful Inter-Chassis Redundancy
Product ID (RTU)FLASR1-FWNAT-RED, FLSASR1-FWNAT-R
Spare PAK (Paper)FLSASR1-FWNAT-R=
Spare PAK (Electronic)L-FLSASR1-FWNAT-R=
PlatformsCisco ASR 1000 Series: ASR 1001, ASR 1002 Fixed, ASR 1002, ASR 1002-X, ASR 1004, ASR 1006, ASR 1013
Your Price
Best Value
$47.00
List Price: $588.50Save 92%
Availability Out of Stock
Quantity

Need configuration help?

Our CCIE certified engineers can help you verify compatibility.

Secure Payment
VISA
Pay
WIRE

Fast Dispatch

Global logistics network aiming for same-day handover.

48hrs
Avg. Shipping
99%
On-Time

Guaranteed Quality

Every unit undergoes rigorous 38-point inspection test.

3Year
Warranty
0.1%
RMA Rate

Global Reach

Trusted by enterprise clients across 6 continents.

85+
Countries
20k+
Clients

Expert Support

Certified network engineers ready to assist with configuration.

24/7
Assistance
CCIE
Certified

Overview

The Cisco FLSASR1-FWNAT-R is the Firewall/NAT Stateful Inter-Chassis Redundancy License designed specifically for the Cisco ASR 1000 series aggregation services routers. This perpetual Right-To-Use (RTU) license enables stateful redundancy between chassis for Firewall and Network Address Translation (NAT) services, ensuring high availability and minimal downtime in demanding enterprise and service provider environments.

Key Capabilities

  • Provides stateful inter-chassis redundancy for Zone-Based Policy Firewall and NAT, allowing seamless failover between redundant ASR 1000 chassis such as ASR 1006 and ASR 1013.
  • Embedded in Cisco QuantumFlow processors, delivering firewall performance from 2.5 Gbps to 100 Gbps depending on the Embedded Service Processor (ESP) installed.
  • Supports thousands of firewall sessions with high-speed logging via NetFlow version 9, up to 40,000 sessions per second.
  • Integrates with Cisco IOS XE software for In-Service Software Upgrades (ISSU) and software/hardware redundancy options across ASR 1001, ASR 1002 fixed, ASR 1002, ASR 1002-X, ASR 1004, ASR 1006, and ASR 1013 routers.
  • Enables policy enforcement between zones using Modular QoS CLI (MQC), with explicit zone-pair policies for stateful detection at Layers 4, 7, or application level.

ASR 1000 Series Platform Overview

Cisco ASR 1000 series routers feature a separated control and data plane architecture powered by innovative Cisco QuantumFlow processors. Services including security (firewall, encryption), QoS, NBAR, Flexible Packet Matching (FPM), broadband aggregation, and Cisco Unified Border Element (SP edition) are embedded, offering up to 10x performance improvement over previous midrange solutions.

  • Models: ASR 1001 (1RU), ASR 1002 fixed (2RU), ASR 1002 (2RU), ASR 1002-X (2RU), ASR 1004 (4RU), ASR 1006 (6RU), ASR 1013 (13RU).
  • QuantumFlow processor supports services from 2.5 Gbps to 100 Gbps.
  • Software redundancy on ASR 1001, 1002 fixed, 1002, 1002-X, 1004; hardware redundancy on ASR 1006, 1013.
  • Integrated Daughter Cards (IDC) on ASR 1001: ASR1001-2XOC3POS (2 OC-3 PoS), ASR1001-4XT3 (4 T3), ASR1001-4X1GE (4 GE), ASR1001-8XCHT1E1 (8 T1/E1), ASR1001-HDD.
  • IOS XE software packages: IP Base, Advanced IP Services, Advanced Enterprise Services (with/without encryption).

Firewall and Security Features

The embedded high-speed firewall utilizes Zone-Based Policy Firewall, creating implicit barriers between interfaces in different zones. Explicit policies define stateful inspection (L4/L7/application) and session parameters per zone pair. Supports HTTP/DNS policies across Internet-DMZ boundaries, with NetFlow v9 for session state logging to network management applications.

  • Firewall throughput: 2.5 to 100 Gbps based on ESP.
  • Encryption support via ESP: up to 25 Gbps (ASR1000-ESP100).
  • IPsec VPN aggregation for up to 8000 tunnels, optimized for QoS and IP multicast.

Redundancy and High Availability

  • Software redundancy via dual IOS instances on single RP for 1RU/2RU/4RU models.
  • Hardware redundancy with modular RP and ESP on larger chassis.
  • ISSU support for hitless upgrades.
  • FLSASR1-FWNAT-R specifically enables Firewall/NAT state synchronization across chassis for stateful failover.

Applications

Enterprise: WAN edge with application availability via hierarchical QoS (232,000 queues), IPsec VPN aggregation (thousands of sites, 8000 tunnels), embedded firewall.

Service Provider: Hosted CPE with software redundancy, broadband L2TP LAC/LNS (64k users/sessions), L3VPN PE (4M IPv4/IPv6 routes, 8k VRFs), high-end route reflector (29M IPv4 routes), SBC (32k calls, 40 Gbps media).

Software Integration

Cisco IOS XE modular OS supports 6 technology packages per version: IP Base (no encryption), IP Base, Advanced IP Services, Advanced IP Services (no encryption), Advanced Enterprise Services, Advanced Enterprise Services (no encryption). Each includes 7 sub-packages: RPBase, RPControl, RPAccess (K9/non-K9), RPIOS, ESPBase, SIPSPA, SIPBase.

For ASR 1001/ASR 1002-X: Universal images (SASR1001U/NPEK9/UK9, SASR1002XU/NPEK9/UK9) plus tech packs (SLASR1-IPB/AIS/AES).

Specifications

License Details
License TypePerpetual RTU (Right-To-Use)
FunctionFirewall/NAT Stateful Inter-Chassis Redundancy
Product ID (RTU)FLASR1-FWNAT-RED, FLSASR1-FWNAT-R
Spare PAK (Paper)FLSASR1-FWNAT-R=
Spare PAK (Electronic)L-FLSASR1-FWNAT-R=
Compatibility
PlatformsCisco ASR 1000 Series: ASR 1001, ASR 1002 Fixed, ASR 1002, ASR 1002-X, ASR 1004, ASR 1006, ASR 1013
SoftwareCisco IOS XE (versions supporting ASR 1000, e.g., 2.1+, 3.1S+, 3.2S+, 3.7.0S)
Related LicensesFLASR1-FW-RTU (Firewall), FLASR1-IPSEC-RTU (Encryption), FLASR1-IOSRED-RTU (Software Redundancy)
PrerequisitesFirewall license (FLASR1-FW-RTU), hardware redundancy on ASR 1006/ASR 1013
Performance & Capacity (Firewall/NAT with Redundancy)
Firewall Throughput2.5 Gbps to 100 Gbps (ESP dependent)
SessionsThousands of sessions, 40,000 flows/sec via NetFlow v9
ESP BandwidthASR1001: 2.5-5 Gbps; ASR1002: 2.5 Gbps; ASR1002-X: 5-36 Gbps; ASR1004: 10-40 Gbps; ASR1006/1013: 10-100 Gbps
Encryption ThroughputUp to 25 Gbps (ESP100), 1.8-11 Gbps on lower ESPs
Ordering Information (Relevant Licenses)
FLASR1-IPSEC-RTUEncryption RTU license for ASR 1000
FLASR1-FPI-RTUFlexible Packet Inspection RTU license for ASR 1000
FLASR1-FW-RTUFirewall RTU license for ASR 1000
FLASR1-FWNAT-REDFirewall/NAT Stateful Inter-Chassis Redundancy license
FLASR1-IOSRED-RTUSoftware Redundancy RTU license for ASR 1000
FLASR1-AVC-RTUApplication Visibility and Control RTU license
FLASR1-LI-RTULawful Intercept license
FLASR1-BB-RTUBroadband RTU license
FLASR1-BB-4KBroadband 4k sessions license
FLASR1-BB-16KBroadband 16k sessions license
FLASR1-BB-32KBroadband 32k sessions license
FLASR1-BB-48KBroadband 48k sessions license
FLASR1-BB-64KBroadband 64k sessions license
FLASR1-CUBES-250PCUBE(SP) 250 calls permanent license
FLASR1-CUBES-2KPCUBE(SP) 2k calls permanent license
FLASR1-CUBES-4KPCUBE(SP) 4k calls permanent license
FLASR1-CUBES-10KPCUBE(SP) 10k calls permanent license
FLASR1-CUBES-16KPCUBE(SP) 16k calls permanent license
FLASR1-CUBES-32KPCUBE(SP) 32k calls permanent license
FLASR1-CUBES-LABCUBE(SP) lab license
FLASR1-CUBES-TPEXCUBE(SP) permanent license for B2BTP Exchange
Chassis Specifications (ASR 1000 Series)
ASR 1001 Physical1RU, Height 1.71in (43.43mm), Width 17.3in (439.42mm), Depth 18.5in (470mm), Weight 23.30lb (10.59kg) max
ASR 1002 Fixed Physical2RU, Height 3.5in (88.9mm), Width 17.2in (437.4mm), Depth 22in (558.8mm), Weight 36.85lb (16.75kg) max
SPA SlotsASR1001: 1 single-high; ASR1002 Fixed: 1 single-high; ASR1002/1002-X: 3; ASR1004: 8; ASR1006: 12; ASR1013: 24
ESP SlotsIntegrated on 1/2RU; 1 on ASR1004; 2 on ASR1006/1013
RP SlotsIntegrated on 1/2RU; 1 on ASR1004; 2 on ASR1006/1013
Built-in GE PortsASR1001: 4 SFP; ASR1002 Fixed/1002: 4 SFP; ASR1002-X: 6 SFP
RedundancySoftware on ASR1001/1002-F/1002/1002-X/1004; Hardware on ASR1006/1013
PowerDual redundant AC/DC (no AC/DC mix); Global AC 85-264V, DC -40.5 to -72V
AirflowFront-to-back
Operating Temp41 to 104°F (5 to 40°C)
IOS XE Packages (RP1 Examples)
SASR1R1-IPBRP1 IP Base, no encryption
SASR1R1-IPBK9RP1 IP Base
SASR1R1-AISK9RP1 Advanced IP Services
SASR1R1-AESK9RP1 Advanced Enterprise Services
Supported SPAs (Partial List)
Serial/ChannelizedSPA-8XCHT1/E1, SPA-4XCT3/DS0, SPA-2XCT3/DS0, SPA-2XT3/E3, SPA-4XT3/E3, SPA-1XCHSTM1/OC3
EthernetSPA-4X1FE-TX-V2, SPA-8X1FE-TX-V2, SPA-2X1GE-V2, SPA-5X1GE-V2, SPA-8X1GE-V2, SPA-1X10GE-L-V2
PoSSPA-2XOC3-POS, SPA-4XOC3-POS, SPA-1XOC12-POS, SPA-2XOC12-POS
ATMSPA-1XOC3-ATM-V2, SPA-3XOC3-ATM-V2
Compliance
NEBSGR-1089, GR-63 (select models)
EMCFCC 47 CFR Part 15 Class A, VCCI Class A, EN55022/CISPR 22, EN55024
SafetyUL60950-1, CSA C22.2 No. 60950-1, EN 60950-1, IEC 60950-1

Reviews

No reviews yet

Be the first to review this enterprise product.

Warranty

Standard Warranty Policy

All hardware sold by ITMall includes our 3-Year Free Maintenance and 1-Year RMA Replacement Service. Please refer to our Warranty Policy for details.

  • 1-Year Advance Replacement (RMA)
  • 3-Year Free Repair Service
  • Full coverage for functionality defects
Hassle-Free RMA Process

We streamlined the return process to minimize your network downtime. Our engineering team provides pre-return diagnostics to ensure hardware is truly defective.

  • 30-Day satisfaction guarantee return window
  • Automated RMA portal access for instant tracking
  • Restocking fee waived for functionality issues
Certified Engineering Support

Our products are backed by CCIE-certified engineers who provide expert guidance on compatibility, configuration, and troubleshooting at no extra cost.

  • Free pre-sales topology consultation
  • Remote troubleshooting & firmware advice
  • Simulation lab testing before dispatch
Global Logistics & Packaging

We ship to 85+ countries using premium anti-static packaging to ensure safety. Orders placed before 14:00 (GMT+8) are typically dispatched the same day.

  • Double-walled boxes with customer molded foam
  • Blind shipping support for channel partners
  • Real-time tracking via FedEx / DHL / UPS

Resources

Datasheet

Common Questions

What does the Cisco FLSASR1-FWNAT-R license enable on ASR 1000 series?
It enables stateful inter-chassis redundancy for Firewall and NAT services, providing high availability failover between redundant chassis like ASR 1006 and ASR 1013.
Is FLSASR1-FWNAT-R compatible with Cisco ASR 1001?
Yes, but requires hardware redundancy-capable chassis (e.g., ASR 1006, ASR 1013); software redundancy is available on ASR 1001 via FLASR1-IOSRED-RTU.
What firewall performance does FLSASR1-FWNAT-R support on ASR 1000?
Up to 100 Gbps throughput with Zone-Based Policy Firewall, depending on ESP (e.g., 2.5-5 Gbps on ASR 1001, 10-100 Gbps on ASR 1006).
Does FLSASR1-FWNAT-R require the base Firewall license?
Yes, it complements FLASR1-FW-RTU for embedded Zone-Based Firewall functionality.
What delivery options are available for FLSASR1-FWNAT-R spares?
Paper PAK (FLSASR1-FWNAT-R=) or electronic delivery (L-FLSASR1-FWNAT-R=).
Is this product Brand New?
Yes, unless clearly marked as "Refurbished", all our products are Factory Sealed (Original New) sourced directly from authorized channels.
What is the warranty period?
We provide a comprehensive 3-Year Warranty on this item. This covers hardware defects and includes advanced replacement.
Do you offer volume discounts?
Yes! For bulk orders or project bids, please click "Quote | Help" to get a custom price proposal from our sales team.
How fast can you ship?
In-stock items ordered before 3 PM EST ship the same day. We offer overnight and 2-day shipping options via FedEx/DHL.

Still have questions?