Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

VPN PROJECT - CISCO ASA

Go to solution
veltech
Level 1
Level 1

‎07-04-2013 10:45 AM

Hi All,

We have a large project ongoing in which we are setting up a firewall / VPN service to offer customers VPN connections back to a single VPN server. We will have around 1,000 users but only run about 200 - 250 concurrent sessions at any one time and both IP Sec and SSL will be fine. As part of our evaluation and build phase we need to first of all consider hardware and Cisco is an obviuos choice as we have the in house expertise. However, I consider that for this customer it would be better to provide a solution that will scale as their subscribers grow and so my view is the ASA 5510 would be a good start point and we can upgrade if their subscriber base grows. We also need to run active / standby failover. However, the licenceing issues are a little confussing to say the least and so would appreciate a second opinion from someone on this forum who has some recent experience of a similar build and install. The hardware and software spec for this build are important so any suggestions in this regard would also be very welcome. We have considered any connect premium but this may get expensive when looking at 250 concurrent sessions. Here are the basic questions.

1. What would be the best hardware solution to offer to this customer to get them started ?

2. With Anyconnect is the licencse based on concurrent sessions or registered user accounts, or put another way could we have 1,000 user accounts with 250 concurrent connections?

3. Is there a better way to configure 250 concurrent VPNs with around 1,000 users?

Any help would as always be greatly appreciated.

Regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎07-04-2013 12:16 PM

>> 1. What would be the best hardware solution to offer to this customer to get them started ?

The 5510 is a legacy model that shouldn't be bought any more as the first firewall. And the simultaneous users are also too low. You should look into the 5525-X. This model supports 750 simultaneous VPN-connections. The next smaller model, the 5515-X only supports 250 concurrent sessions.


>> 2. With Anyconnect is the licencse based on concurrent sessions or registered user accounts, or put another way could we have 1,000 user accounts with 250 concurrent connections?

yes, the concurrent sessions are what counts.

>> 3. Is there a better way to configure 250 concurrent VPNs with around 1,000 users?

You should decide if you really need clientless VPNs. If your users could all use a full tunnel client (AnyConnect), then you only have to buy the AnyConnect Essentials License which is quite cheap.


Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎07-04-2013 12:16 PM

>> 1. What would be the best hardware solution to offer to this customer to get them started ?

The 5510 is a legacy model that shouldn't be bought any more as the first firewall. And the simultaneous users are also too low. You should look into the 5525-X. This model supports 750 simultaneous VPN-connections. The next smaller model, the 5515-X only supports 250 concurrent sessions.


>> 2. With Anyconnect is the licencse based on concurrent sessions or registered user accounts, or put another way could we have 1,000 user accounts with 250 concurrent connections?

yes, the concurrent sessions are what counts.

>> 3. Is there a better way to configure 250 concurrent VPNs with around 1,000 users?

You should decide if you really need clientless VPNs. If your users could all use a full tunnel client (AnyConnect), then you only have to buy the AnyConnect Essentials License which is quite cheap.


Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎07-04-2013 12:16 PM

>> 1. What would be the best hardware solution to offer to this customer to get them started ?

The 5510 is a legacy model that shouldn't be bought any more as the first firewall. And the simultaneous users are also too low. You should look into the 5525-X. This model supports 750 simultaneous VPN-connections. The next smaller model, the 5515-X only supports 250 concurrent sessions.


>> 2. With Anyconnect is the licencse based on concurrent sessions or registered user accounts, or put another way could we have 1,000 user accounts with 250 concurrent connections?

yes, the concurrent sessions are what counts.

>> 3. Is there a better way to configure 250 concurrent VPNs with around 1,000 users?

You should decide if you really need clientless VPNs. If your users could all use a full tunnel client (AnyConnect), then you only have to buy the AnyConnect Essentials License which is quite cheap.


Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
veltech
Level 1
Level 1
In response to Karsten Iwen

‎07-11-2013 08:52 AM

Hi,

Thanks for your help with our question. We have gone with ASA 5510 any connect essentials.

Regards,

0 Helpful
Customers Also Viewed These Support Documents