09-04-2013 05:42 AM - edited 03-11-2019 07:33 PM
Hi All,
Our office has Cisco Firewall Device ASA 5505 with is using for singapore office and malaysia office. Singapore office is the ORACLE system hosting party and all the connections to ORACLE system will flow back directly into the ORACLE server. I have a concern that firewall device applied now in Singapore office will face bottleneck issue when the full force of connections from Malaysia office connect directly to the Singapore office and shared the resource of ORACLE system service for more than 100 users access concurrently by going through the Cisco ASA 5505 Firewall device.
1) Do we need to upgrade Cisco ASA 5505 Firewall Device to the higher version of Cisco Firewall device?
2) If the networking bottleneck situation do happened and caused the ORACLE system goes very slow and affect the production sector, what could be the best solution to be applied in order to fix the occurred bottleneck issue?
Kindly adive me. Thank you for your help.
Victor
Solved! Go to Solution.
09-04-2013 07:11 AM
Victor,
Let me start by saying that I have little to no exposure to Oracle. That said, I'm assuming, since you're using as ASA for connectivity, that the connection will be a VPN between Singapore and Malaysia. Where a potential bottleneck will exist will depend on a number of factors.
I know it isn't a clear answer to your question, but considering the number of factors to take into consideration, it's difficult to give a clear answer without considerable more information. I hope this is helpful.
Shawn Eftink
CCNA/CCDA
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
09-04-2013 07:11 AM
Victor,
Let me start by saying that I have little to no exposure to Oracle. That said, I'm assuming, since you're using as ASA for connectivity, that the connection will be a VPN between Singapore and Malaysia. Where a potential bottleneck will exist will depend on a number of factors.
I know it isn't a clear answer to your question, but considering the number of factors to take into consideration, it's difficult to give a clear answer without considerable more information. I hope this is helpful.
Shawn Eftink
CCNA/CCDA
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
09-07-2013 05:34 AM
Dear Shawn,
Truly appreciated for your reply and answers are very helpful to me. Since I am very new here in this company as a IT administrator and I only have very little knowledge in networking.
Cisco ASA 5505 is serving as primary internet connection Singapore office 1, estimate 150 users are sharing internet connection of 20Mbps with 2Mbps upload speed and around 50 users and office 2 users are using VPN accessing to office 1's ASA firewall device to access resources. At the same time some Indonesia branch users are accesssing as well. For Malaysia, 10 Mbps with 1Mps upload speed is using by 200 users. Now, malaysia Oracle team decided to use singapore oracle server as hosting server so they have a concern whether this ASA 5505 device can support addition 200 concurrent VPN access to singapore. So I presume that there will be atleast 500 users of concurrent VPN connection in total to access Oracle Server in singapore.
I have checked with Oracle server administrator that their server easily can support more than 500 users. Kindly advice me whether it is neccessary to upgrade to higher version of ASA device or just maintain the current device with latest firmware or software? If necessary, kindly suggest to me the higher model that I should use.
Another question is how do I backup ASA device's configuration setting and way to access management mode via GUI software or web interface.
Victor
09-07-2013 07:17 PM
Victory,
I'm actually going to make a number of recommendations.
1) Find out from the Oracle server admin what the bandwidth footprint will be per VPN user.
2) Determine how many concurrent users are expected to be on the Oracle system at the same time.
3) Multiple the number of concurrent users by the bandwidth footprint to establish the minimum amount of bandwidth you will need at the Singapore office to support all the users. I feel pretty comfortable in saying that your 20/2 connection will be a bottleneck. I would recommend a Symmetrical connection like a 50/50 versus something like a 20/2 because the max upload speed at Singapore will end up being the max download speed across all remote sites as a total. Also be sure to add some additional bandwidth for typical internet usage by Singapore users. There's also a possibility that the bandwidth at remote sites will be to slow. Use the same math for each office to determine it's minimum bandwidth needs.
4) You are hitting the limits of the 5505. To be candid, with that many users depending on your connection, I would recommend a pair of 5515X configured in Active/Standby. I'd also recommend a secondary internet connection for redundancy. When selecting a secondary ISP, I generally do two things. The first is my second connection is much slower and much cheaper than my primary. If my primary goes down, my focus is keeping things up, not fast. The second is that I select a provider with their own infrastructure. For example, in the US, most of our clients' primary connections are provided by a telco. However since a primary telco controls each area, other telcos must run some portion of their connectivity over the same telco. What that means is that if the primary connection is AT&T and the secondary connection is Verizon, part of that Verizon connectivity is run over AT&T's network making an outage of both connections more likely. We tend to look at the local Cable providers as they truly have their own infrastructures for secondary connections. This makes an outage of both providers nearly impossible.
Regarding backing up the ASA and a GUI interface, browse to the internal IP of the ASA. Once you get there, you should see a link to download ASDM. Download, install, and launch. Once you get in, you can backup the config via the GUI. Alternatively you can also continue to use the CLI via a program like Putty, do a show run and copy all the contents to a notepad file.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide