(1) It's hard to say 'better' between MPLS and a VPN, as each has its pros and cons. The main upside of an MPLS is that you generally have an SLA or guarantee of a certain amount of up-time, versus a VPN connection, which usually relies on a less expensive / less reliable ISP for up-time. From a security standpoint the VPN will cover your needs and most any compliance issues as well as an MPLS would.

(2) You will need a site-to-site tunnel from each of the 5 remote sites back to the main site (1 tunnel on each of the ASA 5505 units and 5 tunnels on the ASA 5510 unit). From there the site-to-site communication among the 'edge' locations is just dependent on routing. Each edge site's 5505 (or another device if you have a Layer 3 switch or other routing inside the firewall) will need to know to pass the other sites' subnet ranges over the VPN tunnel to the main site, which would also need to pass the traffic over the corresponding tunnel to the destination site. The encryption domains could potentially get messy, as you're looking at each tunnel having its own subnet locally and all other subnets remote on its tunnel config.

(3) There are theoretical throughput limits on each of the ASA units (as with any FW / Router).
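The encryption domains described in (2), worked out for one hub and five spokes, as an added example that is not part of the original post. The subnets and site names are constructed assumptions; the script lists the local/remote pairs each tunnel needs, checks that both ends mirror each other, and counts what the hub has to carry.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (assumption): one hub LAN and five spoke LANs.
HUB = "10.0.0.0/24"
SPOKES = {f"site{i}": f"10.0.{i}.0/24" for i in range(1, 6)}

def check_no_overlap(subnets):
    """Overlapping LANs make the encryption domains ambiguous; reject them."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")

def encryption_domains(hub, spokes):
    """Return {site: {"spoke": [(local, remote), ...], "hub": [(local, remote), ...]}}.

    Spoke end: local = its own subnet, remote = hub plus every other spoke.
    Hub end:   the same pairs with local and remote swapped.
    """
    check_no_overlap([hub, *spokes.values()])
    plan = {}
    for site, local in spokes.items():
        remotes = [hub] + [n for s, n in spokes.items() if s != site]
        plan[site] = {
            "spoke": [(local, r) for r in remotes],
            "hub": [(r, local) for r in remotes],
        }
    return plan

def is_mirrored(tunnel):
    """Both ends must describe the same traffic with local and remote reversed."""
    return sorted(tunnel["spoke"]) == sorted((r, l) for l, r in tunnel["hub"])

def hub_entry_count(plan):
    """Total (local, remote) pairs the hub carries across all tunnels."""
    return sum(len(t["hub"]) for t in plan.values())

if __name__ == "__main__":
    plan = encryption_domains(HUB, SPOKES)
    for site, tunnel in plan.items():
        print(site, "mirrored:", is_mirrored(tunnel))
        for local, remote in tunnel["spoke"]:
            print(f"  {local} -> {remote}")
    print("hub entries:", hub_entry_count(plan))
```

Adding a sixth site to `SPOKES` adds one pair to every existing tunnel at both ends, which is where the configuration gets messy.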