Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Combining SSL and Site-to-Site VPN configuration

Hello,

I have a simple question, what is the disadvantage, if any, for combining SSL VPN and site-to-site VPNs on a single unit?  We are looking to consolidate and would like to see if anyone has had any troubles with consolidating both of these on a single unit.  We currently have around 200+ site-to-site tunnels and around 10,000 Anyconnect VPN users.

Thanks.

Everyone's tags (2)
1 REPLY
Hall of Fame Super Silver

Assuming your hardware is

Assuming your hardware is sized to accommodate the load, there's no technical reason why you cannot combine them. (Also assuming you're not terminating your site-site VPNs on a multi-context mode firewall since remote access VPN isn't supported for those.)

The more common reason I see is to distribute across units is to lessen the operational risk and impact - i.e. if something goes wrong it only affects one type of connection or a subset of your users.

One other thing is that remote access VPNs of that size are sometimes supported via use of a VPN cluster while remote access VPNs don't support VPN cluster technology per se.

37
Views
0
Helpful
1
Replies
CreatePlease to create content