Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA5515-x Question

I've been trying to find a good article, on a deep-dive into the ASA5500-x architecture. I remember reading once, with the older 5500 series, that depending on how many ports you are going to actively use, you may want to add an additional port module, if you can, for better performance. Also, with the 5515-x series, have any of you run over 80 IPSec tunnels? I was just wondering how to calculate performance when it comes to these features. Alsod, does anyone know of a stable version from 8.6 to the current 9.1 I believe? I'm still trying to do my own research, but figured I would see what you guys think as well. Some of you are more experienced with the new ASA's than I am.

2 REPLIES
Hall of Fame Super Silver

ASA5515-x Question

There's no good publicly released ASA 5500-X series internals document that I've seen. The best ones are typically in the (free) Cisco Live 365 site. BRKSEC 3020 is a deep dive into packet processing on the ASA in general. I don't think that's significantly changed in the X series - they do have the multicore CPU and the SMP images take advantage of that. Re port modules, I haven't seen any reference to that limitation in the X series. I do know you can now mix base unit and port module-based interfaces in portchannels.

I've not run that many IPsec tunnels on any ASA. Re performance, there was an independent (Miercom) report commissioned by Cisco on the X series and it is available for download here. It is mostly just throughput-based though.

Currently the greatest number of bug fixes are incorporated into ASA 9.0(3) and 9.1(2) software releases.

ASA5515-x Question

Thank fo the response Marvin, I appreciate it. I read that article, it was pretty good, but as you said, it's mostly talks about throughput and not IPSec throughput.

I think I may go with 9.1(2) from looking at the bug fixes.

113
Views
4
Helpful
2
Replies
CreatePlease login to create content