ASAv Realistic Maximum AnyConnect IPsec Capability

brandon5203 · ‎05-14-2024

I am trying to track down data on how a virtualized ASA handles AnyConnect IPSec loads of around 1000 active tunnels (or more) with certificate based authentication.

I currently have a Firepower 4150 with ASA code and would like to understand if it is feasible to migrate to a virtualized deployment (VMware on-prem) as the 4150 reaches end of life soon.

Does anyone have experience with heavy VPN usage on ASAv or happen to be aware of published white papers on the topic?

Thanks,

Brandon

balaji.bandi · ‎05-14-2024

check the datasheet for the requirement :

i see ASAv30 - 750 and ASAv50 - 10000

https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/adapt-security-virtual-appliance-ds.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

brandon5203 · ‎05-14-2024

Balaji,

Thank you for your response!

Yes, I am aware of the datasheet and would actually pursue the ASAv100. I am really looking for real world experience feedback.

For extra context, the specs for the VMware build would include a 20 cores @ 2 GHz CPU with 32 GB of RAM. The VPN tunnels have from my perspective, a small bandwidth requirement that maxes out at around 100 Kbps per tunnel.

Brandon

balaji.bandi · ‎05-14-2024

Not that matter what throuput you use, the tunnel capacity mentioned based on the model

you can contact partner when you placing order to give confirmation - cisco datasheet based on real world testing.

Note - no vendor post the white and black with out testing it.

1000 tunnel requirement like for providers and banks and retailers - so best is contact cisco partner.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help