Why I never use Cisco ASAs for Site to Site VPNs

  • ASAs don’t support virtual interfaces for tunnels the way IOS Routers do.
  • ASAs don’t allow for running Dynamic Routing protocols over VPN tunnels.
  • ASAs don’t allow for overlapping crypto map statements.
  • ASAs don’t allow to pin VPN tunnels to different tenants

But yeah, let’s use Cisco ASAs for all our VPN tunnels. ¬†Great idea.