Re: Cisco ASA and Bandwidth

minterk@hooksisd.net · ‎08-17-2021

Our service provider is going from 1 GiG to 10 GIG. We have a Cisco ASA 5555 in place. If the service provider hands off 10 GIG to us will the Cisco ASA 5555 allow it at a max of 1 GIG. I am aware the ASA 5555 will only support 1 gig connection but will it still work at 1 gig with a 10 gig hand off?

If not we may have to go into a switch and VLAN it off to the ASA for now till I can get the security device upgraded.

Thank you

inderdeeps · ‎08-17-2021

minterk@hooksisd.net : well it will not as you need to have same SFP on both end to support 1 Gb. If the other end is SFP+( 10G) and is different it will not work.

minterk@hooksisd.net · ‎08-17-2021

If i have a 10 Gig SPF on both sides will the ASA 5555 still recognize it on a throughput of 1GiG on the outside interface ?

Milos_Jovanovic · ‎08-17-2021

Hi minterk@hooksisd.net,

I assume that you'll land 10G link to some other equipment, as ASA5555 only support 1G. What you can do is that you can create port-channel out of 2x 1G links, in order to achieve 2G Internet link usage (as per datasheet, ASA5555 supports up to 2Gbps of multiprotocol traffic, so increasing it more won't be beneficial).

If you'll indeed have 10G Internet link speed (not just connectivity), it could happen that Internet users reach back to your infrastructure (e.g. DMZ services) with more than ASA's capacity, which will probably affect your ASA's performance, so ideally you would apply some policing towards ASA, in order not to oversubscribe it.

BR,

Milos

inderdeeps · ‎08-17-2021

minterk@hooksisd.net : As ASA 5555 is not supporting 10 G SFP+ but let us suppose if any other device and you want to have 1 G traffic on 10G SFP+ yes you can achieve that !