Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

PIX vs. ASA IPSEC connections

Yes, the ASA outperforms the old PIX in all categories except one. Has anyone noticed that the amount of IPSEC vpn connections in the ASA is drastically lower than its PIX predecessor? Could it be that the ASA is now doing software based incryption vs. Hardware based encryption? Has anyone caught this yet?

Example: PIX 515 can do 1,000 IPSEC VPN connections. The ASA poised to replace the 515 is the ASA 5510 which can only do 250 conc. conns. the trend follows thru the ASA lineup. If you know why, please share.... :-)

Community Member

Re: PIX vs. ASA IPSEC connections

I would challenge anyone to run 1,000 IPSEC VPN Connections or near that on a single PIX 515. I think it was more marketing banter than anything else.

The 250 seems about right from a hardware support perspective on an ASA5510, i can see that being done. More control over the maximum amount of VPN connectivity through a device allows the device to perform as expected and allows a company to plan accordingly. I think setting the expectation that a 515 would do 1,000 VPN connections to a potential customer would be dangerous.

CreatePlease to create content