Re: IPSec versus SSL on a ASA 5505

pmccubbin · ‎03-10-2011

On an ASA 5505 with the proper licenses running version 8.3, which would you consider the more resource intensive for the ASA, IPSec VPN or an SSL VPN with a portal?

The connections through the firewall would be the same so I am curious how adding the different types of VPN will affect the CPU and overall

ability of the ASA to function.

Thank you in advance.

Paul

Federico Coto Fajardo · ‎03-10-2011

Paul,

The ASAs support the max amount of VPN connections (IPsec or SSL).

The differences on performance is regarding the fact the IPsec sits at the network layer and SSL at the application layer (while both using encryption and authentication mechanisms).

If you want to check some quick notes on the differences, here's a nice document (not Cisco) but useful to compare both protocols:

http://www.arraynetworks.net/ufiles/File/SSLVPNvsIPSecWhitePaper021006.pdf

Hope it helps.

Federico.

pmccubbin · ‎03-10-2011

Federico,

Thanks for the reply and the link. My question remains despite assurances from Cisco that their specifications are correct. I am still wondering if a

network layer VPN (IPSec) causes more or less overhead than an application layer VPN (SSL) on a Cisco 5505.

Let me offer this additional information. The amount of configuration inherant in an SSL solutioncan be quite a bit more than with an IPSec one. In this hypothetical case, what if I have 20 different SSL configurations, meaning 20 people are only allowed to access certain servers and application. Then

do you believe the overhead would be greater than an IPsec solution?

Thanks in advance.

Paul