Rightsizing ASA

pbuch · ‎02-20-2013

Hi

I have a customer with 22 branch offices, all connected via ASA vpn.

All branch offices are using ASA 5505.

Head quarter running 5510.

This has been running well for som years, and some of the offices have grown.

The China office is now 90 users, and the firewall is 2 x 5505 UL Sec plus (redundant) internet speed 20Mbit

Main office 2x 5510 on a 100Mbit internetconnection and 200 users.

Would the company get any advantage if they changed to higher ASA models ?

Maykol Rojas · ‎02-25-2013

Hi,

Is there any particular reason why are they thinking of changing the ASA for a 5510? The only difference between one another is the throughput and the build in switch, the rest is pratically the same.

Mike

pbuch · ‎02-25-2013

The customer is concerned about stability and latency.

I can't se that there are any latency in the ASA's today.

Would the customer gain anything by changing to ASA5512-X and ASA5515-X ?

i.va · ‎02-26-2013

Not really...the datasheet specifies 300Mbps Firewall throughput and 170Mbps VPN throughput for the ASA5510. The internet connection of the main office is 100Mbps. So if you are using the ASA only for internet access and VPN, then there would be no real advantage (apart from new features on the 5500-X platform) or performance gain by replacing it. the only other thing that might be relevant is the max. number of sessions...if that is not running high, you dont have a problem.

Maykol Rojas · ‎02-26-2013

Nope, More features maybe (Like active/active failover,multiple context or transparent firewall) but in terms of using exactly like the one in place, no, no difference.

Mike