New Member

ASA 55xx 'Max IPSec Sessions' Definition

Good morning,

I have been tasked with the project of upgrading our current remote-site VPN tunnelling.

Rather than the collection of different set-ups and protocols, I'd like to standardise it so that every site has a Site-to-Site IPSec Tunnel.

I just need to clarify the definition of "Maximum site-to-site and remote access VPN sessions" to help me decide which ASA 5500 model I require.

(http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html)

We currently require connections for 210 site-to-site connections; each location has a static WAN IP & one subnet.

Thus I assume the 5510, with its 250 "maximum session limit", would be correct for our requirements?

However, will the "Maximum virtual interfaces (VLANs)", which is only 50, limit me - does a site to site VPN tunnel class as a virtual interface?

Or is there any other limiting factor that I need to take into account?

Many Thanks for your time,

Chris Herridge

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: ASA 55xx 'Max IPSec Sessions' Definition

Chris

A site to site tunnel does not class as a virtual interface. So you should not have a problem with this aspect.

I would suggest that you get (or upgrade to) the Security Plus license - which increases several things including the number of virtual interfaces.

With 210 remote sites I wonder what the amount of traffic is that you are processing and whether the throughput of the 5510 might be an issue. If you look at the 5520 you get considerably more memory and a better/faster processor to provide more capacity.

HTH

Rick

3 REPLIES

New Member

Re: ASA 55xx 'Max IPSec Sessions' Definition

Hi Rick,

Thanks very much for your reply. The sites route the bulk of their traffic directly to the internet. It's only a collection of SOAP services sending really rather small packets of data that will be using the VPN tunnels.

So I am not too concerned about the amount of traffic, just that it can cope with that many, but if as you say the maximum number of virtual interfaces doesn't limit the actual number of site to site VPN tunnels then we'll be fine.

Thanks again for your response.

Chris

Hall of Fame Super Silver

Re: ASA 55xx 'Max IPSec Sessions' Definition

Chris

Yes I think that you will be fine with the 5510. I would still suggest that getting the Security Plus license is worth it. I am glad that my response was helpful in resolving your question. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that a response did resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
