02-13-2009 01:24 PM - edited 03-11-2019 07:50 AM
Anyone have any experiences or opinions on running 8.x code on an ASA firewall pair that will have about 80 IPSEC tunnels on it? We have to migrate from our old 3000 series concentrator. The allure of the 8.x code is the ability to debug a single tunnel. It's a big feature to have but we don't want to move to it if there are some downfalls we don't know about. So if anyone has an opinion, please share. Last thing we want is to move all these tunnels and have to move back because of some weird bug.
02-14-2009 01:33 PM
Do you have any idea on the throughput requirements for the majority of the tunnels? What about security requirements for tunnel encryption? Is AES a requirement for a large proportion of the tunnels?
On paper, it shouldn't be an issue, but I don't have any direct experience with that many IPSec tunnels terminating on a single ASA cluster.
02-14-2009 02:19 PM
Thanks for the reply.
Currently, none of the tunnels will have AES encryption. 90% have 3DES/MD5; the other 10% have 3DES/SHA.
I don't have an idea of the throughput. The current tunnels pass through a 3030. Unfortunately, these ASAs are 5510s, but according to Cisco documentation, can handle that many VPNs.