Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Consolidating services on a ASA5520

Dear Friends,

I have 3 ASA5520, 2 of them running as remote access VPN, 1 of the ASA as site to site VPN. There are 2 different

ISP's which are used between them. Can I consolidate all these services in 1 ASA5520, relating to configuration and

whether the ASA could handle these services together without performance degradation. I forgot to mention even e-mail

service and Internet browsing is also though one of the ASA. I was just wondering whether the configuration will get messy

or is there a different approach to go about it. The OS on ASA's is 8.3 Looking forward to all the expert advices.



Everyone's tags (2)
Super Bronze

Consolidating services on a ASA5520

ASA5520 is capable of running up to 750 IPSec VPN tunnels, so if you have no more than 750 IPSec VPN tunnels, you can definitely consolidate them into 1 ASA5520.

However, ASA can't have 2 default gateway configured on 1 box, so you can't have 2 different ISP if you would like to configure 2 default gateways. But if you are using 1 ISP just for the site-to-site VPN tunnel and the other ISP just for normal internet access and remote access VPN, then yes, you can connect 2 different ISPs. One ISP will have the default route configured, and the other ISP will have static routes configured for the remote peer and remote site-to-site VPN LAN.

Here is ASA5520 capabilities for your reference:

Hope that helps.