Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA-5520 Scansafe Session limits

We have an ASA-5520 - and we connect to scansafe via the connector.  at times we've had issues w/ slow internet response times. i was told that there may be a limit on how many users can simultaneously go to the internet via our ASA.  Has anyone had this issue - or come across this?  I haven't found anything yet that mentions a user limit when using scansafe - if that's the case, any ideas on overcoming this issue w/o upgrading our firewall?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Coincidentally this was

Coincidentally this was covered in the Ask the Expert webcast earlier today. You can download the slides from the link here.

The documented recommended limit for Scansafe / CWS via the ASA 5520 is 300 users. Exceeding that will likely result in increased latency for web browsing.

Unfortunately an upgrade is likely the only solution if you're up against that limit. The number goes way up for the equivalent 5500-X series (e.g. 3,000 for the 5515-X and 4,000 for the 5525-X).

3 REPLIES
Hall of Fame Super Silver

Coincidentally this was

Coincidentally this was covered in the Ask the Expert webcast earlier today. You can download the slides from the link here.

The documented recommended limit for Scansafe / CWS via the ASA 5520 is 300 users. Exceeding that will likely result in increased latency for web browsing.

Unfortunately an upgrade is likely the only solution if you're up against that limit. The number goes way up for the equivalent 5500-X series (e.g. 3,000 for the 5515-X and 4,000 for the 5525-X).

New Member

oh wow - 300.  that

oh wow - 300.  that information would've been helpful when we purchased CWS.  ok - so if there's no $ for an upgrade - is the recommendation to revert back to doing a re-direct NAT statement similar to what we did prior to version-9 until we can upgrade the f/w to support 2000+ users?

Hall of Fame Super Silver

Yes - if it worked with the

Yes - if it worked with the older method before Version 9, you can continue to use that.

Sorry your reseller did you a disservice by not advising you on the CWS scalability limitations. that information is also available in partner collateral and in Cisco Live presentations.

372
Views
0
Helpful
3
Replies
CreatePlease to create content