08-25-2012 08:26 AM - edited 03-11-2019 04:46 PM
Good Morning,
We are looking at upgrading our WAN between our Primary Datacenter and Secondary Datacenter to gig using licensed wireless equipment. I have been looking into firewalls to run between the two sites and it looks like for Gig connectivity we would be looking at least at the ASA 5555-X. My thoughts are to create a site to site tunnel between the two to encrypt the traffic enroute. Is there anything I'm missing when looking at this?
Sent from Cisco Technical Support iPad App
08-25-2012 10:02 AM
Hi Justin,
You are asking about the throughput of the firewall or interface capability of the firewall???
If you look for the throughput of your firewall start from 5512x you will have 1G throughput and further advanced model will have more.
say 5512x will have through put of 1G,5515x will have 1.2 Gig 5525x will have 2 Gig.... So you can better go for 5525x for your requirement. 5555x will give 4 Gig throughput....
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html
Please do rate for the helpful posts.
By
Karthik
08-25-2012 02:26 PM
Hi Karthik,
I would be looking at the throughput specs for the firewall. If I'm not mistaken once you start
Encrypting the traffic though a site to site VPN you would have to look at the 3DES/AES throughput on the firewall?
Thank you,
Justin
08-25-2012 09:09 PM
Hi Justin,
If you are looking for throughput for entire options.... firewall,ips,vpn..etc then 5585x (Multiple modules available) which will fullfill your 1 gig capability in your firewalls.... But however its based on your requirement... If you have all the infra in your datacentre is having 1 gig throughput capability then it will be good....
Please do rate for the helpful posts.
By
Karthik
08-25-2012 03:15 PM
Hi
I would take a look at 802.1ae and apropriate switches to encrypt the links between the datacenters.
That way you gain some possibilities but on the other hand you loose some also.
I do not know what your security priorities are but it is atleast worth taking a look at.
You can atleast combine this with the ASA´s and let the Switches do the encryption and the ASA do the firewalling.
I think you will se that it will cost you less.
Good luck
Hope This Helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide