Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1153
Views
0
Helpful
2
Replies

some questions about Cisco ASA 5505 throughput and limitations

notaciscoguy
Level 1
Level 1

‎04-05-2018 11:17 AM - edited ‎02-21-2020 07:36 AM

hello all,

I have inherited a handful of Cisco ASA 5505s, I'm not sure what exact model they are but they are all 8 port models. I tried inputting serial numbers into the cisco coverage checker to see if it would give me model numbers and none of them are recognized by that particular utility, so unfortunately this is all the information I have to go on. I have a few questions below that I was wondering if anyone had an answer to. 

1. I was curious, as they only have a 100MBPS indicator light whether these are actually only able to process at fast ethernet speeds, despite a reasonably recent production timeframe or whether that means that a link has been throttled down due to connection to older devices. 

2. regardless of whether these are gig, or fast ports, does the ASA possess the ability to actually filter traffic at that rate, or is it similar to the cheaper cisco ISR series routers like the 2911 that have gig ethernet ports but are only able to process 345Mbps? 

 

3. does enabling certain features such as the VPN, firewall, or both greatly affect the amount of traffic that is processed? 

 

I am asking because I have just recently been given a dedicated gig connection for my department, but I'm currently only utilizing half that because I am running straight from an EOL 6509 core switch and this is highly insecure because we are only securing with ACLs at the moment. I would like to set up a pair of 2911 routers with GLBP (to increase to around 700 Mbps), but all of the ones I have available are only running IPbasek9, so even though bandwidth would increase, security is still a concern in that setup. I have zero budget for purchasing extra licenses or devices so I'm trying to get the best setup with what I have on hand.  

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2018 08:00 PM

An ASA 5505 has a best case maximum throughput of about 150 Mbps. That's of course a best case lab scenario assuming several distinct flows are going through it to differing interfaces. A given interface can only run at 100 Mbps (hardware limitation). A given single flow will likely be even less.

 

A given VPN on an ASA 5505 (whether site-to-site IPsec or remote access SSL VPN) can at best run at about 25 Mbps.

 

These boxes are entry level and designed for small office / home office (SHOO) type use cases and never intended to accommodate multiple hundreds of Mbps (much less 1 Gbps) throughput.

 

 

0 Helpful

notaciscoguy
Level 1
Level 1
In response to Marvin Rhoads

‎04-18-2018 08:34 AM

interesting, but not at all surprising. thank you very much for the information. I will definitely not be implementing an ASA into my network given this revelation. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card