Cisco ASA site-to-site IPEC VPN 1

[J001]

Hello,

I am looking to implement a Site to Site IPSEC VPN connection between 2 offices.

I already have an ASA 5505 in possession, but was wondering if it would be able to cope with 100 users connecting to Main Office for data I.e Docs, Email , Internet etc ?

or do I need to go out and buy a higher model like an ASA 5510 ?

 

[unclerico]

you might be pushing it with a 5505. if you can, upsize to the 5510

 

[hairlessupportmonkey]

I think the 5505 will turn itself inside out, besides its a 30 user device!

ACSS - SME
General Geek

 

[J001]

If I have 1700 users is the 5510 still a good option ?

Also which ASA will accomodate roughly 3000 users ?

 

[unclerico]

If you have that many simultaneous users then you're looking at the 5520/5540. If you have the budget go for the next-gen offerings (the X series) since they are application-layer firewalls purpose built to do deep inspection. This is opposed to typical firewalls that have UTM bolted on which essentially destroys any meaningful throughput on the box.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b

I personally use Palo Alto Networks firewalls on my Internet edge points and Cisco ASA on the inside. Cisco was lagging way behind, but I think their X series are pretty decent boxes.

 

[J001]

Hello Unclerico,

As you mention Palo Alto can you tell me if you have tried doing Site-to-Site IPSEC VPN to an ASA 5500 Series appliance ? Does anyone know if this works then we dont need to buy the ASA ?

Regards,

 

[unclerico]

Well, IPSec is IPSec so any vendor that supports it will work. The only differences are in terminology of the CLI/GUI. I have an ASA terminating a L2L tunnel to one of my Palo Alto boxes right now and it operates as it should. The only reason why most people say "buy a Cisco" is because it is well known and getting support for it is pretty easy.