We have a pair of asa5540 in active/standby mode doing firewall and ipsec vpn. We are planning to activate webvpn. Because of the cost to buy webvpn license for both 5540 boxes, there is a suggestion to buy one 5520 with webvpn license and install it on DMZ interface of 5540. My questions are:
1. with 300 concurrent vpn connections, will users experience some slowness on 5520 comparing to 5540?
1. Will there be a lot of delay when I terminate vpn at 5520 on the DMZ interface of 5540 due to the process of 5540 redirecting vpn traffic to 5520 first and 5520 decrypting it and sending back to 5540's DMZ interface and going through the access list of 5540 before sent out on the inside interface of 5540?
I do know that 5540 has pentium 4 2.0GHZ cpu and 1GB mem and 5520 has celeron 2.0 and 512MB.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...