the performance you would have in the sense on bandwidth would depend on the internet connections at the remote site and the "HQ". The slowest internet connection (Upload or Download) would be your bottleneck. The T1 should give you about 1.5Mbps.
If that would be enough for your 50-75 users would depend on the type of application they use. You should take the bandwidth required by the application for one user and multiply it by the amount of users you have. Then you check whether your slowest connection supports these requirements. Take note that VPN connections also have some overhead.
If these internet connections are also used for surfing the web, guaranteeing bandwidth becomes more difficult. In that case some sort of QoS would be needed.
Delay and jitter could be an issue, again depending on the applications you are using. Our VPN connections here between locations in Germany usually have about 40-100ms delay, which is good in most cases (even for VoIP).
If you are concerned about VPN throughput of the ASA itself...the 5505 has a 100Mbps throughput, which would most likely be more than you need considering you have a T1 at one end.
And finally make sure you have enough user licenses on your ASAs.
Thank you very much for the reply. There won't be any delay sensitive applications, mostly web / exchange chatter...
You mentioned licenses on my ASA's, I was under the impressions that the site to site IPSec VPN was a "persistent" connection, do I still need user liceses on my ASA...
I've found some SRND's / design overviews that have been helpful, specifically the IPsec VPN WAN design overview, which uses Cisco IOS to create the connection between two "VPN" routers, 18XX / 28XX / 38XX. Is it possible to use a 37XX router? Are there specific modules that I would need?
Of course you can also use a Router to establish a VPN between 2 sites. I haven't done this alot, so I can't give you explicit advice.
To my knowlege you can configure a a VPN on most Cisco Routers or Layer 3 Switches (e.g. with a routed port) with the appropriate IOS and feature set. The newer IOS also have an integrated Zone-Based Firewall, which you can configure, making them even more flexible and secure than the old CBAC Firewall.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...