- Roughly 4 Layer 3 Boundary Blocks, each terminated by a Layer 3 Switch
- Layer 2 communication within a block, Layer 3 between blocks
- ~1500 Nodes per Block; ~10-12 Layer 2 Switches per block
- 2 CAMs and Profiler centrally located at CORE tying together the 4 blocks
- 1 CAS or 2 CASes per block depending on block size
- KEY QUESTION =>: For UNTRUSTED NETWORK, what would be an ideal SIZE PER SUBNET/NUMBER OF SUBNETS needed for smooth operation within one Layer 3 block being served by 1 CAS (or two if significantly large)?
I just need a rough estimate for perspective's sake. Also, looking at the rules on the Cisco website, I don't specifically see a mention of how extra untrusted subnets per CAS are defined (supposing you wanted to use more than one untrusted subnet per CAS), or why it would be suitable/unsuitable to use multiple untrusted subnets.
Sizing NAC solutions isn't really my specialty, so take this with a grain of salt, but from what you've described so far, your line of thought would work out well. A single CAS server can easily handle up to 5K users (simultaneous) and your numbers are way below that.
For more questions, please share a network diagram with VLANs and IP Subnets marked to shine more light on them.