Remote Access VPN Design Sizing Values with Radius or PKI Stress Test
We would like to guess about the maximum number of Remote Access VPN Clients (IPSEC or SSL VPN). The Endpoint may be ISRG2 or ASA FW series. In the attached documents, the maximum numbers are given as a general guideline, but we think this number may decrease if the Radius Authentication is used instead of Local User Authentication, or PKI is used. We don't want to underestimate or overestimate and design with a 20% Margin. Is there a testing done for these effects, wrt CPU, Memory or similar Router or Firewall Resources, or method we can test this? If there is a tool or method that we may simulate a number of Remote Access VPN Clients simultaneously (i.e 500) for different Authentication scenarios? We have found that IXVPN from Ixia or Load Runner from HP may be helpful, but complex to configure and use.
Devices include a license for two Premium VPN users for evaluation and remote management purposes. The total concurrent IPsec and SSL (clientless and tunnel-based) VPN sessions may not exceed the maximum concurrent IPsec session count shown in the chart. The SSL/IPsec IKEv2 VPN session number (clientless or AnyConnect client) may also not exceed the number of licensed sessions on the device. The ASA 5580 supports greater simultaneous users than the ASA 5550 at comparable overall SSL VPN throughput to the ASA 5550. VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken in to consideration as part of your capacity planning.
The purpose of this document is to demonstrate how ISE authenticate / authorize a user that uses a smart card (PIN + Certificate) and password mechanism to login their system. This document describes the components used for this setup, configuration of IS...
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...