Solved: Thanks so much guys!!!

NInja Black · ‎04-16-2014

Hi,

For our new office (call center) we are planning to use the ASA5515 in between the ISP router and the inside LAN switch.

My concern is, can the ASA5515 support 150 users using softphones and avg internet use. For how many users can it support to.

From the description below seems it can support 250,000 concurrent connections. What does it mean by 'connection'.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701253.html

"With up to 1.2 Gbps of firewall throughput, 250,000 concurrent firewall connections, 15,000 connections per second, and 6 integrated Gigabit Ethernet interfaces, the ASA 5512-X and 5515-X are excellent choices for businesses requiring a high-performance, cost-effective, and extensible security solution with exceptional application visibility and control that can grow with their changing needs. "

Any insight is highly appreciated. It is imperative for me to understand its capacity.

Thanks.

Marvin Rhoads · ‎04-16-2014

Aniba is correct.

Connections, connections/second overall thoughput and whether or not you want to use VPN in any significant way are considerations when choosing an ASA firewall model. Those metrics are all covered in the data sheet you referenced.

I've seen that model used successfully in settings the size you describe.

View solution in original post

Marvin Rhoads · ‎04-29-2014

It may simplify the layout but I'm always a fan of doing routing on a router vs. on a firewall.

As far as performance, adding the EIGRP and NAT onto your 5515-X should not contribute in any significant way.

View solution in original post

aniba.souza · ‎04-16-2014

As Cisco ASA are statefull Firewalls, they keep a record for each active connection (tcp for example) on the ASA.

The concurrent connections limit can be seen as the capacity of this connection recording table.

NInja Black · ‎04-17-2014

Thanks so much guys!!!

Marvin Rhoads · ‎04-16-2014

Aniba is correct.

Connections, connections/second overall thoughput and whether or not you want to use VPN in any significant way are considerations when choosing an ASA firewall model. Those metrics are all covered in the data sheet you referenced.

I've seen that model used successfully in settings the size you describe.

NInja Black · ‎04-29-2014

Hey Marvin,

To add to the 150 softphone users the firewall will be doing dynamic routing (EIGRP), site-site VPN with 4 other branch offices.

Currently there is a router (3925) between the ISP router and the ASA (ISP>Router3925>asa5515>LAN switches). it takes care of EIGRP and NATing

We want to eliminate the router as it would simplify the network but I want to understand if the firewall will be able to handle the extra load. Will it hold without the router?

Marvin Rhoads · ‎04-29-2014

It may simplify the layout but I'm always a fan of doing routing on a router vs. on a firewall.

As far as performance, adding the EIGRP and NAT onto your 5515-X should not contribute in any significant way.

NInja Black · ‎05-01-2014

Thanks again Marvin.

ASA 5515 capability