I've been trying to find a good article, on a deep-dive into the ASA5500-x architecture. I remember reading once, with the older 5500 series, that depending on how many ports you are going to actively use, you may want to add an additional port module, if you can, for better performance. Also, with the 5515-x series, have any of you run over 80 IPSec tunnels? I was just wondering how to calculate performance when it comes to these features. Alsod, does anyone know of a stable version from 8.6 to the current 9.1 I believe? I'm still trying to do my own research, but figured I would see what you guys think as well. Some of you are more experienced with the new ASA's than I am.
There's no good publicly released ASA 5500-X series internals document that I've seen. The best ones are typically in the (free) Cisco Live 365 site. BRKSEC 3020 is a deep dive into packet processing on the ASA in general. I don't think that's significantly changed in the X series - they do have the multicore CPU and the SMP images take advantage of that. Re port modules, I haven't seen any reference to that limitation in the X series. I do know you can now mix base unit and port module-based interfaces in portchannels.
I've not run that many IPsec tunnels on any ASA. Re performance, there was an independent (Miercom) report commissioned by Cisco on the X series and it is available for download here. It is mostly just throughput-based though.
Currently the greatest number of bug fixes are incorporated into ASA 9.0(3) and 9.1(2) software releases.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :