Cisco ASA 5510 <-> Cisco 2811 VPN & WAN Optimization?

Unanswered Question
Jul 25th, 2010

Hi,

I have two offices, one in London on a 100mbit connection with pair of ASA 5510's and one in Malaysia on a 4mbit connection with a single 2811. The speed between the UK and Malaysian is quite poor so I am looking into doing some WAN optimization

I was thinking of using Cisco NCE on the 2811 and have a STCP tunnel with ipsec. However it seems you can't do that from a 2811 to a ASA 5510.

Doe anybody have any ideas on how I can do WAN optimization with VPN between the two sites, preferably using the existing hardware?

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

Thanks,

Dan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jitendriya Athavale Sun, 07/25/2010 - 10:44

i think one way would be to implement QOS on your router side since it is the one with less bandwidth, you can reserve good amount of bandwidth for vpn traffic

DanLloyd81 Sun, 07/25/2010 - 10:47

Hi,

I've done that to some extent. It would be nice to go that step further and use the compression capabilites of NCE. I guess what I'm asking is what capabilites does the ASA have for VPN optimization. Is it possible for me to create a compressed VPN between a C2811 and CASA 5510.

Dan

Jitendriya Athavale Sun, 07/25/2010 - 11:42

here it is for asa

Specify whether to enable IP compression, which is disabled by default.

hostname(config-group-policy)# ip-comp {enable | disable}

hostname(config-group-policy)# 

To enable LZS IP compression, enter the ip-comp command with the enable keyword in group-policy configuration mode. To disable IP compression, enter the ip-comp command with the disable keyword.

To remove the ip-comp attribute from the running configuration, enter the no form of this command. This enables inheritance of a value from another group policy.

hostname(config-group-policy)# no ip-comp

hostname(config-group-policy)# 

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1134870

hope this helps

if this answeres your question please mark this as answered for the benifit of others on this community

DanLloyd81 Sun, 07/25/2010 - 11:45

Hi,

So is ip-comp on the ASA compatiable with comp-lzs tunnels on the Cisco 2811?

Thanks,

Dan

Jitendriya Athavale Sun, 07/25/2010 - 21:47

frankly i have never tried it

but i think it should work bcoz even ASA uses Lempel-Ziv Standard (LZS), so i guess it will work, it should be worth a try probabaly all you need to try this is say 5 mins of downtime as far as vpn is concerned

Actions

This Discussion