Consolidating services on a ASA5520

Mohammed Faiz Mohiuddin · ‎06-23-2012

Dear Friends,

I have 3 ASA5520, 2 of them running as remote access VPN, 1 of the ASA as site to site VPN. There are 2 different

ISP's which are used between them. Can I consolidate all these services in 1 ASA5520, relating to configuration and

whether the ASA could handle these services together without performance degradation. I forgot to mention even e-mail

service and Internet browsing is also though one of the ASA. I was just wondering whether the configuration will get messy

or is there a different approach to go about it. The OS on ASA's is 8.3 Looking forward to all the expert advices.

Regards

Faiz

Jennifer Halim · ‎06-24-2012

ASA5520 is capable of running up to 750 IPSec VPN tunnels, so if you have no more than 750 IPSec VPN tunnels, you can definitely consolidate them into 1 ASA5520.

However, ASA can't have 2 default gateway configured on 1 box, so you can't have 2 different ISP if you would like to configure 2 default gateways. But if you are using 1 ISP just for the site-to-site VPN tunnel and the other ISP just for normal internet access and remote access VPN, then yes, you can connect 2 different ISPs. One ISP will have the default route configured, and the other ISP will have static routes configured for the remote peer and remote site-to-site VPN LAN.

Here is ASA5520 capabilities for your reference:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b

Hope that helps.