cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2655
Views
0
Helpful
6
Replies

Cisco ASA 5510 <-> Cisco 2811 VPN & WAN Optimization?

DanLloyd81
Level 1
Level 1

Hi,

I have two offices, one in London on a 100mbit connection with pair of ASA 5510's and one in Malaysia on a 4mbit connection with a single 2811. The speed between the UK and Malaysian is quite poor so I am looking into doing some WAN optimization

I was thinking of using Cisco NCE on the 2811 and have a STCP tunnel with ipsec. However it seems you can't do that from a 2811 to a ASA 5510.

Doe anybody have any ideas on how I can do WAN optimization with VPN between the two sites, preferably using the existing hardware?

Thanks,

Dan

6 Replies 6

Jitendriya Athavale
Cisco Employee
Cisco Employee

i think one way would be to implement QOS on your router side since it is the one with less bandwidth, you can reserve good amount of bandwidth for vpn traffic

Hi,

I've done that to some extent. It would be nice to go that step further and use the compression capabilites of NCE. I guess what I'm asking is what capabilites does the ASA have for VPN optimization. Is it possible for me to create a compressed VPN between a C2811 and CASA 5510.

Dan

i know for sure we can have compression with routers but i will need to check with asa not sure if we have it,

here is a link for compression on router

http://www.cisco.com/en/US/docs/routers/access/1700/1710/software/feature/guide/1700lzs.html#wp30578

here it is for asa

Specify whether to enable IP compression, which is disabled by default.

hostname(config-group-policy)# ip-comp {enable | disable}

hostname(config-group-policy)# 

To enable LZS IP compression, enter the ip-comp command with the enable keyword in group-policy configuration mode. To disable IP compression, enter the ip-comp command with the disable keyword.

To remove the ip-comp attribute from the running configuration, enter the no form of this command. This enables inheritance of a value from another group policy.

hostname(config-group-policy)# no ip-comp

hostname(config-group-policy)# 

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1134870

hope this helps

if this answeres your question please mark this as answered for the benifit of others on this community

Hi,

So is ip-comp on the ASA compatiable with comp-lzs tunnels on the Cisco 2811?

Thanks,

Dan

frankly i have never tried it

but i think it should work bcoz even ASA uses Lempel-Ziv Standard (LZS), so i guess it will work, it should be worth a try probabaly all you need to try this is say 5 mins of downtime as far as vpn is concerned

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: