04-05-2018 11:17 AM - edited 02-21-2020 07:36 AM
hello all,
I have inherited a handful of Cisco ASA 5505s, I'm not sure what exact model they are but they are all 8 port models. I tried inputting serial numbers into the cisco coverage checker to see if it would give me model numbers and none of them are recognized by that particular utility, so unfortunately this is all the information I have to go on. I have a few questions below that I was wondering if anyone had an answer to.
1. I was curious, as they only have a 100MBPS indicator light whether these are actually only able to process at fast ethernet speeds, despite a reasonably recent production timeframe or whether that means that a link has been throttled down due to connection to older devices.
2. regardless of whether these are gig, or fast ports, does the ASA possess the ability to actually filter traffic at that rate, or is it similar to the cheaper cisco ISR series routers like the 2911 that have gig ethernet ports but are only able to process 345Mbps?
3. does enabling certain features such as the VPN, firewall, or both greatly affect the amount of traffic that is processed?
I am asking because I have just recently been given a dedicated gig connection for my department, but I'm currently only utilizing half that because I am running straight from an EOL 6509 core switch and this is highly insecure because we are only securing with ACLs at the moment. I would like to set up a pair of 2911 routers with GLBP (to increase to around 700 Mbps), but all of the ones I have available are only running IPbasek9, so even though bandwidth would increase, security is still a concern in that setup. I have zero budget for purchasing extra licenses or devices so I'm trying to get the best setup with what I have on hand.
04-05-2018 08:00 PM
An ASA 5505 has a best case maximum throughput of about 150 Mbps. That's of course a best case lab scenario assuming several distinct flows are going through it to differing interfaces. A given interface can only run at 100 Mbps (hardware limitation). A given single flow will likely be even less.
A given VPN on an ASA 5505 (whether site-to-site IPsec or remote access SSL VPN) can at best run at about 25 Mbps.
These boxes are entry level and designed for small office / home office (SHOO) type use cases and never intended to accommodate multiple hundreds of Mbps (much less 1 Gbps) throughput.
04-18-2018 08:34 AM
interesting, but not at all surprising. thank you very much for the information. I will definitely not be implementing an ASA into my network given this revelation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide