Insight for this question: Last week you were given a Cisco ASA 5520 firewall and told to configure it for secure shell (SSH) and a basic firewall configuration. You researched the issue and found an excellent tutorial on YouTube that stepped you through both processes. Your manager was so impressed with your Cisco expertise that he has instructed you to create a site-to-site VPN that will connect the client’s remote site with its main site. The only thing you know about creating a Cisco site-to-site VPN is how difficult it can be if not done right. Even with the help of YouTube and the Cisco documentation you found online, you are not sure your configurations are correct. You found two spare ASA 5505s in a closet that were replaced with the ASA 5520 version. Based on what you have learned, how will you ensure your site-to-site VPN configurations work correctly?
A site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.
There are two types of site-to-site VPNs:
These are the things that we need to keep in mind and be careful about:
Cisco ASA Model | ASA 5505 | ASA 5520 |
Stateful inspection throughput | Up to 150 Mbps | 450 Mbps |
Concurrent sessions | 10,000 / 25,000 | 280,000 |
Connections per second | 4,000 | 12,000 |
Packets per second | 85,000 | 320,000 |
Cisco AnyConnect or Clientless VPN User | 25 | 750 |
Cisco Cloud Web Security users | 25 | 300 |
High-availability support | Stateless Active/Standby Only | Active/Active and Active/Standby |
Integrated I/O | 8-port FE with 2 Power over Ethernet ports | 4-port 10/100/1000 and 1-port FE |
Expansion I/O | Not available | 4-port 10/100/1000 or 4-port GE |