I have been tasked with the project of upgrading our current remote-site VPN tunnelling.
Rather than the collection of different set-ups and protocols, I'd like to standardise it
so that all every site has a Site-to-Site IPSec Tunnel.
I just need to clarify the definition of "Maximum site-to-site and remote access VPN sessions"
to help me decide in which ASA 5500 model i require.
We currently require connections for 210 site-to-site connections,
each location has a static WAN IP & one subnet.
Thus I assume the 5510, with it's 250 "maximum session limit" would be correct for our requirements?
However, will the "Maximum virtual interfaces (VLANs)", which is only 50, limit me - does a site to site VPN tunnel class as a virtual interface?
Or is there any other limiting factor that I need to take into account?
Many Thanks for your time,
A site to site tunnel does not class as a virtual interface. So you should not have a problem with this aspect.
I would suggest that you get (or upgrade to) the Security Plus license - which increases several things including the number of virtual interfaces.
With 210 remote sites I wonder what the amount of traffic that you are processing and whether the through put of the 5510 might be an issue. If you look at the 5520 you get considerably more memory and a better/faster processor to provide more capacity.