
Cisco ASA 5512-X - Throughput

chiller15

I work in a school and we need to reconfigure an old Cisco ASA 5512-X for routing and firewall purposes. Despite the ASA having 1GbE ports, its throughput is limited depending on what it is doing. According to Cisco's specifications, its throughput for different services is:

ASA IPS throughput: 250 Mbps (extra hardware not required)

Next-generation firewall throughput (multiprotocol): 200 Mbps

Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) VPN throughput: 200 Mbps

We have a 200Mb up/200Mb down Internet connection and do perform web-filtering (performed on a separate device) that decrypts, inspects and re-encrypts the data on the fly.

 

I want the ASA configured purely as a router and firewall so that only certain required ports are open and others can be configured if/when required.

 

My question: Is this ASA actually going to throttle the connection to 200Mbs, rather than the combined 400Mbs we receive?

Stop and think a second, something is more than nothing.


2 hours ago, chiller15 said:

I work in a school and we need to reconfigure an old Cisco ASA 5512-X for routing and firewall purposes. Despite the ASA having 1GbE ports, its throughput is limited depending on what it is doing. According to Cisco's specifications, its throughput for different services is:

ASA IPS throughput: 250 Mbps (extra hardware not required)

Next-generation firewall throughput (multiprotocol): 200 Mbps

Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) VPN throughput: 200 Mbps

We have a 200Mb up/200Mb down Internet connection and do perform web-filtering (performed on a separate device) that decrypts, inspects and re-encrypts the data on the fly.

 

I want the ASA configured purely as a router and firewall so that only certain required ports are open and others can be configured if/when required.

 

My question: Is this ASA actually going to throttle the connection to 200Mbs, rather than the combined 400Mbs we receive?

I believe that the limit is unidirectional, meaning you should be able to achieve that speed in both directions. But if you just set it up as a router and basic firewall (just allow/deny based on layer 3/4) then you should be operating with these limits, from that same page:

Stateful inspection throughput (max):  1 Gbps
   
Stateful inspection throughput (multiprotocol):  500 Mbps

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 


7 hours ago, brwainer said:

I believe that the limit is unidirectional, meaning you should be able to achieve that speed in both directions. But if you just set it up as a router and basic firewall (just allow/deny based on layer 3/4) then you should be operating with these limits, from that same page:

Stateful inspection throughput (max):  1 Gbps
   
Stateful inspection throughput (multiprotocol):  500 Mbps

That's also the best-case scenario. For real-world traffic I would say more around 300mbps, but still way within OP's range.


Use the 5512-X, and if you are simply using it for WAN<>LAN filtering with minimal NAT configuration it will do around 650-700Mbit/s.

It can do more; it just depends on the ruleset you have. The heavier the rules you have, the lower the performance is going to be. Turn off any IPS if you plan to perform this on another device.

Please quote or tag me if you need a reply
