Question

Insight for this questions: Last week you were given a Cisco ASA 5520 firewall and told to configure it for secure shell (SSH) and a basic firewall configuration. You researched the issue and found an excellent tutorial on YouTube that stepped you through both processes. Your manager was so impressed with your Cisco expertise that he has instructed you to create a site-to-site VPN that will connect the client’s remote site with its main site. The only thing you know about creating a Cisco site-to-site VPN is how difficult it can be if not done right. Even with the help of YouTube and the Cisco documentation you found online, you are not sure your configurations are correct. You found two spare ASA 5505s in a closet that were replaced with the ASA 5520 version. Based on what you have learned, how will you ensure your site-to-site VPN configurations work correctly?

Answer 1

Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.

There are two types of site-to-site VPNs:

• Intranet-based — If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN.
• Extranet-based — When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.

These are the things that we need to keep in mind and be careful about:

Cisco ASA Model	ASA 5505	ASA 5520
Stateful inspection throughput	Up to 150 Mbps	450 Mbps
Concurrent sessions	10,000 /25,000	280,000
Connections per second	4,000	12,000
Packets per second	85,000	320,000
Cisco AnyConnect or Clientless VPN User	25	750
Cisco Cloud Web Security users	25	300
High-availability support	Stateless Active/Standby Only	Active/Acitve and Active/Standby
Integrated I/O	8-port FE with 2 Power over Ethernet ports	4-port 10/100/1000 and 1-port FE
Expansion I/O	Not available	4-port 10/100/1000 or 4-port GE

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////