[c-nsp] ASA - Easy VPN server - # of SAs

Clay Hoy frogmanclay at gmail.com
Tue Dec 8 12:59:20 EST 2009


I am looking at an asa5580-20 and it shows the SSL limit at 10k and the VPN
peer limit at 10k.  However, when using both you cannot go over a combined
total of 10k connections.  That is per the datasheet:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd80402e3f.html

Now, I am going to be using it as an Easy VPN server.  Knowing the ASA only
supports legacy Easy VPN and each routed subnet on the remote side uses an
SA, is the real limit 10k SAs?  That is how I read it, but I can't seem to
get a straight answer from anyone at Cisco.  If I have 2000 remote sites,
with 5 routed subnets each, am I at the limit of the box?  I know I can
cluster these boxes, but I need to know that I am going to have to up front
in order to request the proper budget and do all the right testing in the
lab.

Also, does anyone know of any serious problems using the ASA55xx series as an
Easy VPN server?

Thank you everyone for your time,
Clay

