asa 5540 vs 5520 for vpn termination point

Unanswered Question


We have a pair of asa5540 in active/standby mode doing firewall and ipsec vpn. We are planning to activate webvpn. Because of the cost to buy webvpn license for both 5540 boxes, there is a suggestion to buy one 5520 with webvpn license and install it on DMZ interface of 5540. My questions are:

1. with 300 concurrent vpn connections, will users experience some slowness on 5520 comparing to 5540?

1. Will there be a lot of delay when I terminate vpn at 5520 on the DMZ interface of 5540 due to the process of 5540 redirecting vpn traffic to 5520 first and 5520 decrypting it and sending back to 5540's DMZ interface and going through the access list of 5540 before sent out on the inside interface of 5540?

I do know that 5540 has pentium 4 2.0GHZ cpu and 1GB mem and 5520 has celeron 2.0 and 512MB.

thanks in advance for any information.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion