1) Yes. If your device is reaching 50 % of the cpu usage then you may need to upgrade for the consistent performance.
but the cpu usage increase may be due to other issues as well. But if everything is normal and cpu usage is crossing 50% then you may need to upgrade. This is one of the reason only. there are lot other.
2) Depends on your future expansion / requirement you may need for an upgrade in the model.
Feature | Cisco ASA 5505 | Cisco ASA 5510 | Cisco ASA 5520 | Cisco ASA 5540 | Cisco ASA 5550 | |
|
|
|
|
| ||
Users/Nodes | 10, 50, or unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
Firewall Throughput | Up to 150 Mbps | Up to 300 Mbps | Up to 450 Mbps | Up to 650 Mbps | Up to 1.2 Gbps | |
Maximum Firewall and IPS Throughput | • Up to 150 Mbps with AIP-SSC-5 | • Up to 150 Mbps with AIP-SSM-10 • Up to 300 Mbps with AIP-SSM-20 | • Up to 225 Mbps with AIP-SSM-10 • Up to 375 Mbps with AIP-SSM-20 • Up to 450 Mbps with AIP-SSM-40 | • Up to 500 Mbps with AIP-SSM-20 • Up to 650 Mbps with AIP-SSM-40 | Not available | |
3DES/AES VPN Throughput*** | Up to 100 Mbps | Up to 170 Mbps | Up to 225 Mbps | Up to 325 Mbps | Up to 425 Mbps | |
IPsec VPN Peers | 10; 251 | 250 | 750 | 5000 | 5000 | |
Premium AnyConnect VPN Peers* (Included/Maximum) | 2/25 | 2/250 | 2/750 | 2/2500 | 2/5000 | |
Concurrent Connections | 10,000; 25,000* | 50,000; 130,000* | 280,000 | 400,000 | 650,000 | |
New Connections/Second | 4000 | 9000 | 12,000 | 25,000 | 33,000 | |
Integrated Network Ports | 8-port Fast Ethernet switch (including 2 PoE ports) | 5 Fast Ethernet ports; 2 Gigabit Ethernet + 3 Fast Ethernet ports* | 4 Gigabit Ethernet, 1 Fast Ethernet | 4 Gigabit Ethernet, 1 Fast Ethernet | 8 Gigabit Ethernet, 4 SFP Fiber, 1 Fast Ethernet | |
Virtual Interfaces (VLANs) | 3 (no trunking support)/20 (with trunking support)* | 50/100* | 150 | 200 | 400 | |
Security Contexts (Included/Maximum)* | 0/0 | 0/0 (Base); 2/5 (Security Plus) | 2/20 | 2/50 | 2/50 | |
High Availability | Not supported; stateless Active/Standby and redundant ISP support* | Not supported; Active/Active and Active/Standby** | Active/Active and Active/Standby | Active/Active and Active/Standby | Active/Active and Active/Standby | |
Expansion Slot | 1, SSC | 1, SSM | 1, SSM | 1, SSM | 0 | |
User-Accessible Flash Slot | 0 | 1 | 1 | 1 | 1 | |
USB 2.0 Ports | 3 (1 on front, 2 on rear) | 2 | 2 | 2 | 2 | |
Serial Ports | 1 RJ-45 console | 2 RJ-45, console and auxiliary | 2 RJ-45, console and auxiliary | 2 RJ-45, console and auxiliary | 2 RJ-45, console and auxiliary | |
Rack-Mountable | Yes, with rack-mount kit (available in the future) | Yes | Yes | Yes | Yes | |
Wall-Mountable | Yes, with wall-mount kit (available in the future) | Not available | Not available | Not available | Not available | |
Security Lock Slot (for Physical Security) | Yes | Not available | Not available | Not available | Not available | |
Technical Specifications | ||||||
Memory | 512 MB | 1 GB | 2 GB | 2 GB | 4 GB | |
Minimum System Flash | 128 MB | 256 MB | 256 MB | 256 MB | 256 MB | |
System Bus | Multibus architecture | Multibus architecture | Multibus architecture | Multibus architecture | Multibus architecture | |
the above table shows the maximum capability of the ASA firewalls. when the requirement needs upgrade you have to go for that.
3) When it comes for end of support from Cisco tech.
these are the major factors for an upgrade.
do rating if the info is helpful.
cheers
Karthik
