Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
0
Helpful
4
Replies

Best Site to Site VPN device

InformzIT
Level 1
Level 1

‎01-12-2012 09:07 AM - edited ‎03-04-2019 02:53 PM

We are weighing devices for running 700+ site to site VPN connections.  The debate is over ASA vs 3900 Series Router. 

Any strong feelings?

Labels:
0 Helpful
4 Replies 4

Mohamed Sobair
Level 7
Level 7

‎01-12-2012 10:25 AM

Hi,

If the requirement is to only terminate IPSec LAN to LAN Tunnels, then I would choose ASA.

Now, the Choise of the series depends on the required throughput , VPN throughput, Maximum concurrent connections .. etc.

for example, for 700+ Site to Site, I would choose ASA 5550, which can gives more number of allowed IPsec tunnels (5000) besides over 400Mbps 3DES VPN throughput.

Check below the ASA product comparison sheet:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range

Regards,

Mohamed

0 Helpful

jkozlov
Level 1
Level 1
In response to Mohamed Sobair

‎01-12-2012 06:02 PM

By site to site are u talking DMVPN or just FW to FW.....we ise 7200 G2 as dmvpn hib with older 3800 as spokes. If i were refreshing this it would be an ASR1004 as the hub and 3900 as the spoke

Sent from Cisco Technical Support iPhone App

0 Helpful

Mike Schooley
Level 1
Level 1
In response to jkozlov

‎01-12-2012 07:09 PM

normally I would say a router as it gives you more options like terminating gre, but I think i read somewhere that 8.4 supported gre, havent confirmed.  nat is much more flexible with new version of asa if thats required.  also with 700 sites, I would assume your are running dmvpn, not sure asa can be used for that.

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to Mike Schooley

‎01-13-2012 05:13 AM

Hi,

The ASA does not support DMVPN.
Initially Cisco said it might be available in 9.x (un-official), but it seems it has been removed from the road-map now, at least for 9.x (again un-official source).

So if you are planning to go DMVPN then go with Router and as said above with router you can have more options like terminating different wan links and so on...


Please rate all the helpfull posts.
Regards,
Naidu.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card