I have many VPNs connecting to our ASA 5520 firewall. They are all our own remote offices, so no external companies etc.
I currently only open the ports that they require, as all the servers are hosted where the ASA is (no servers are offsite; all VPNs come inbound for the servers), but I'm sure this puts extra strain on the ASA's CPU and memory and maybe slows down the connection from the VPNs while it processes the rules.
I was wondering what you do: do you lock yours down or simply have an IP any any rule?
I could be totally wrong and maybe there is no CPU and memory overhead and locking down is the best model.
Thanks for your time.