Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5515 capability

 

Hi,

 For our new office (call center) we are planning to use the ASA5515 in between the ISP router and the inside LAN switch.

My concern is, can the ASA5515 support 150 users using softphones and avg internet use. For how many users can it support to.

 

From the description below seems it can support 250,000 concurrent connections. What does it mean by 'connection'.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701253.html

"With up to 1.2 Gbps of firewall throughput, 250,000 concurrent firewall connections, 15,000 connections per second, and 6 integrated Gigabit Ethernet interfaces, the ASA 5512-X and 5515-X are excellent choices for businesses requiring a high-performance, cost-effective, and extensible security solution with exceptional application visibility and control that can grow with their changing needs. "

 

Any insight is highly appreciated. It is imperative for me to understand its capacity.

Thanks.

  • Firewalling
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Aniba is correct.Connections,

Aniba is correct.

Connections, connections/second overall thoughput and whether or not you want to use VPN in any significant way are considerations when choosing an ASA firewall model. Those metrics are all covered in the data sheet you referenced.

I've seen that model used successfully in settings the size you describe.

Hall of Fame Super Silver

It may simplify the layout

It may simplify the layout but I'm always a fan of doing routing on a router vs. on a firewall.

As far as performance, adding the EIGRP and NAT onto your 5515-X should not contribute in any significant way.

6 REPLIES
New Member

As Cisco ASA are statefull

As Cisco ASA are statefull Firewalls, they keep a record for each active connection (tcp for example) on the ASA.

 

The concurrent connections limit can be seen as the capacity of this connection recording table.

New Member

Thanks so much guys!!!

Thanks so much guys!!!

Hall of Fame Super Silver

Aniba is correct.Connections,

Aniba is correct.

Connections, connections/second overall thoughput and whether or not you want to use VPN in any significant way are considerations when choosing an ASA firewall model. Those metrics are all covered in the data sheet you referenced.

I've seen that model used successfully in settings the size you describe.

New Member

Hey Marvin,  To add to the

Hey Marvin,

 

 To add to the 150 softphone users the firewall will be doing dynamic routing (EIGRP), site-site VPN with 4 other branch offices.

Currently there is a router (3925) between the ISP router and the ASA (ISP>Router3925>asa5515>LAN switches). it takes care of EIGRP and NATing

 

We want to eliminate the router as it would simplify the network but I want to understand if the firewall will be able to handle the extra load. Will it hold without the router?

 

Hall of Fame Super Silver

It may simplify the layout

It may simplify the layout but I'm always a fan of doing routing on a router vs. on a firewall.

As far as performance, adding the EIGRP and NAT onto your 5515-X should not contribute in any significant way.

New Member

 Thanks again Marvin.

 

Thanks again Marvin.

251
Views
4
Helpful
6
Replies