03-10-2011 07:48 AM - edited 02-21-2020 05:13 PM
On an ASA 5505 with the proper licenses running version 8.3, which would you consider the more resource intensive for the ASA, IPSec VPN or an SSL VPN with a portal?
The connections through the firewall would be the same so I am curious how adding the different types of VPN will affect the CPU and overall
ability of the ASA to function.
Thank you in advance.
Paul
03-10-2011 08:28 AM
Paul,
The ASAs support the max amount of VPN connections (IPsec or SSL).
The differences on performance is regarding the fact the IPsec sits at the network layer and SSL at the application layer (while both using encryption and authentication mechanisms).
If you want to check some quick notes on the differences, here's a nice document (not Cisco) but useful to compare both protocols:
http://www.arraynetworks.net/ufiles/File/SSLVPNvsIPSecWhitePaper021006.pdf
Hope it helps.
Federico.
03-10-2011 12:21 PM
Federico,
Thanks for the reply and the link. My question remains despite assurances from Cisco that their specifications are correct. I am still wondering if a
network layer VPN (IPSec) causes more or less overhead than an application layer VPN (SSL) on a Cisco 5505.
Let me offer this additional information. The amount of configuration inherant in an SSL solutioncan be quite a bit more than with an IPSec one. In this hypothetical case, what if I have 20 different SSL configurations, meaning 20 people are only allowed to access certain servers and application. Then
do you believe the overhead would be greater than an IPsec solution?
Thanks in advance.
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide