PIX vs. ASA IPSEC connections

Unanswered Question
Oct 10th, 2007
User Badges:

Yes, the ASA outperforms the old PIX in all categories except one. Has anyone noticed that the amount of IPSEC vpn connections in the ASA is drastically lower than its PIX predecessor? Could it be that the ASA is now doing software based incryption vs. Hardware based encryption? Has anyone caught this yet?

Example: PIX 515 can do 1,000 IPSEC VPN connections. The ASA poised to replace the 515 is the ASA 5510 which can only do 250 conc. conns. the trend follows thru the ASA lineup. If you know why, please share.... :-)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nathancielieska Thu, 10/11/2007 - 10:48
User Badges:

I would challenge anyone to run 1,000 IPSEC VPN Connections or near that on a single PIX 515. I think it was more marketing banter than anything else.

The 250 seems about right from a hardware support perspective on an ASA5510, i can see that being done. More control over the maximum amount of VPN connectivity through a device allows the device to perform as expected and allows a company to plan accordingly. I think setting the expectation that a 515 would do 1,000 VPN connections to a potential customer would be dangerous.


This Discussion