Cisco Firewall Device ASA 5505 bottleneck issue

victoraung
Level 1

Hi All,

Our office has a Cisco ASA 5505 firewall device which is used for the Singapore office and the Malaysia office. The Singapore office is the ORACLE system hosting party, and all the connections to the ORACLE system will flow back directly into the ORACLE server. I have a concern that the firewall device now in use in the Singapore office will face a bottleneck issue when the full force of connections from the Malaysia office connects directly to the Singapore office and shares the resources of the ORACLE system service, with more than 100 users accessing it concurrently through the Cisco ASA 5505 firewall device.

1) Do we need to upgrade the Cisco ASA 5505 firewall device to a higher version of Cisco firewall device?

2) If the networking bottleneck situation does happen and causes the ORACLE system to go very slow and affect the production sector, what would be the best solution to apply in order to fix the bottleneck issue?

Kindly advise me. Thank you for your help.

Victor

Accepted Solutions

SHAWN EFTINK
Level 5

Victor,

Let me start by saying that I have little to no exposure to Oracle. That said, I'm assuming, since you're using an ASA for connectivity, that the connection will be a VPN between Singapore and Malaysia. Where a potential bottleneck will exist will depend on a number of factors.

  1. Internet Connectivity at each location
    • Keep in mind that when it comes to VPNs, your upload speed is as important as your download speed.  If you have, for example, a 100/5 connection, the 5Mbps upload could potentially be a bottleneck.
  2. Application Design
    • If the bulk of the processing happens on the Oracle server and minimal amounts of information are actually transmitted to the client, then your bandwidth footprint for each user is small and a higher number of users can share a lower bandwidth connection.
  3. Firewall
    • The ASA 5505 has a max throughput of 150Mbps; however, the VPN throughput is 100Mbps.  So if you're needing a connection speed in excess of 100Mbps over a VPN, then the ASA 5505 would be undersized.
    • If you utilize the IPS functionality in the ASA 5505, the throughput is cut down to 75Mbps for any traffic passing through the IPS.
  4. Users at Singapore
    • I'm also assuming the ASA 5505 will serve as the firewall for the primary internet connection in Singapore for those users.  Depending on the number of users in Singapore, the combined number of concurrent sessions and/or connections per second between normal internet usage and VPN traffic could become an issue.
    • The ASA 5505 Security Bundle can handle up to 25,000 Concurrent Sessions and up to 4,000 Connections per Second.

I know it isn't a clear answer to your question, but considering the number of factors to take into consideration, it's difficult to give a clear answer without considerably more information. I hope this is helpful.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Dear Shawn,

I truly appreciate your reply, and the answers are very helpful to me. I am very new here in this company as an IT administrator and I only have very little knowledge of networking.

The Cisco ASA 5505 is serving as the primary internet connection for Singapore office 1. An estimated 150 users are sharing an internet connection of 20Mbps with 2Mbps upload speed, and around 50 users and office 2 users are using VPN access to office 1's ASA firewall device to access resources. At the same time some Indonesia branch users are accessing it as well. For Malaysia, 10 Mbps with 1Mbps upload speed is used by 200 users. Now the Malaysia Oracle team has decided to use the Singapore Oracle server as the hosting server, so they have a concern whether this ASA 5505 device can support an additional 200 concurrent VPN accesses to Singapore. So I presume that there will be at least 500 users of concurrent VPN connections in total accessing the Oracle server in Singapore.

I have checked with the Oracle server administrator that their server can easily support more than 500 users. Kindly advise me whether it is necessary to upgrade to a higher version of ASA device or just maintain the current device with the latest firmware or software. If necessary, kindly suggest to me the higher model that I should use.

Another question is how do I back up the ASA device's configuration settings, and how do I access management mode via GUI software or a web interface?

Victor

Victor,

I'm actually going to make a number of recommendations.

1)  Find out from the Oracle server admin what the bandwidth footprint will be per VPN user.

2)  Determine how many concurrent users are expected to be on the Oracle system at the same time.

3)  Multiply the number of concurrent users by the bandwidth footprint to establish the minimum amount of bandwidth you will need at the Singapore office to support all the users.  I feel pretty comfortable in saying that your 20/2 connection will be a bottleneck.  I would recommend a symmetrical connection like a 50/50 versus something like a 20/2 because the max upload speed at Singapore will end up being the max download speed across all remote sites as a total.  Also be sure to add some additional bandwidth for typical internet usage by Singapore users.  There's also a possibility that the bandwidth at remote sites will be too slow.  Use the same math for each office to determine its minimum bandwidth needs.

4)  You are hitting the limits of the 5505.  To be candid, with that many users depending on your connection, I would recommend a pair of 5515X configured in Active/Standby.  I'd also recommend a secondary internet connection for redundancy.  When selecting a secondary ISP, I generally do two things.  The first is my second connection is much slower and much cheaper than my primary.  If my primary goes down, my focus is keeping things up, not fast.  The second is that I select a provider with their own infrastructure.  For example, in the US, most of our clients' primary connections are provided by a telco.  However since a primary telco controls each area, other telcos must run some portion of their connectivity over the same telco.  What that means is that if the primary connection is AT&T and the secondary connection is Verizon, part of that Verizon connectivity is run over AT&T's network making an outage of both connections more likely.  We tend to look at the local Cable providers as they truly have their own infrastructures for secondary connections.  This makes an outage of both providers nearly impossible.

Regarding backing up the ASA and a GUI interface, browse to the internal IP of the ASA.  Once you get there, you should see a link to download ASDM.  Download, install, and launch.  Once you get in, you can back up the config via the GUI.  Alternatively you can also continue to use the CLI via a program like PuTTY, do a show run and copy all the contents to a notepad file.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
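
The sizing math from steps 1 to 3 above, checked against the ASA 5505 limits quoted earlier in the thread, as an added example that is not part of the original posts. Link speeds and the Malaysia user count come from the thread; the per-user footprint (64 kbps to the client, 16 kbps to the server), the 4 sessions per user, and the 300-user "other remote" site with its 10/1 link are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# ASA 5505 limits as quoted in the thread.
ASA_VPN_MBPS = 100
ASA_MAX_SESSIONS = 25_000

@dataclass
class Site:
    name: str
    down_mbps: float
    up_mbps: float
    users: int  # concurrent VPN users of the hub application

def mbps(users, kbps_per_user):
    return users * kbps_per_user / 1000

def check_capacity(hub, spokes, to_client_kbps, to_server_kbps,
                   sessions_per_user, hub_internet_mbps=0.0):
    """Return {check: (required, available, ok)} for each possible choke point."""
    total = sum(s.users for s in spokes)
    out_of_hub = mbps(total, to_client_kbps)  # server -> clients rides the hub UPLOAD
    into_hub = mbps(total, to_server_kbps)    # clients -> server rides the hub download
    checks = {
        f"{hub.name} upload": (out_of_hub, hub.up_mbps),
        f"{hub.name} download": (into_hub + hub_internet_mbps, hub.down_mbps),
        # Assumption: the VPN figure is treated as the sum of both directions.
        "ASA VPN throughput": (out_of_hub + into_hub, ASA_VPN_MBPS),
        "ASA sessions": (total * sessions_per_user, ASA_MAX_SESSIONS),
    }
    for s in spokes:  # "use the same math for each office"
        checks[f"{s.name} download"] = (mbps(s.users, to_client_kbps), s.down_mbps)
        checks[f"{s.name} upload"] = (mbps(s.users, to_server_kbps), s.up_mbps)
    return {k: (need, have, need <= have) for k, (need, have) in checks.items()}

def bottlenecks(results):
    """Names of the checks where demand exceeds capacity."""
    return sorted(k for k, (_, _, ok) in results.items() if not ok)

# Singapore 20/2 and Malaysia 10/1 with 200 users are from the thread;
# the second spoke is constructed to reach the 500-user total.
HUB = Site("Singapore", 20, 2, 0)
SPOKES = [Site("Malaysia", 10, 1, 200),
          Site("Other remote (constructed)", 10, 1, 300)]
RESULTS = check_capacity(HUB, SPOKES, to_client_kbps=64,
                         to_server_kbps=16, sessions_per_user=4)

if __name__ == "__main__":
    for name, (need, have, ok) in RESULTS.items():
        print(f"{name:36} need {need:8.1f}  have {have:8.1f}  "
              f"{'ok' if ok else 'BOTTLENECK'}")
```

With these assumed footprints the WAN links fail long before the firewall does, so the real per-user figure from the Oracle admin decides which upgrade matters first.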