Site-to-Site VPN Solutions - VM Appliances vs hardware?

thanks for testing that. good to know.

Yeah. People don’t understand that if you’re talking sub-1 Gbps, even modest commodity hardware will blow it away these days.

I haven’t ever used them so I couldn’t say for sure. I’ve only used them in a small shop with a couple of users. Mainly just a default route to the internet. We use ASAs at my primary position. Small shops on the side I push to Meraki because of the ease of support.

Whether you set this up on your ASA or a separate device (Ubiquiti Edgerouter perhaps?), it should always be “on” and have routes auto failover. There shouldn’t be a need to “get it up and running” later. Who cares if initial setup requires a competent network admin?

Well if your VM appliance is unhackable I assume it will also never update over time because why would it if it never contains any malfunctions?

The thing here is that you expose the innermost parts of your network to a foreign outsider (which we can assume your link will contain when it enters your DC), which is just bad in so many ways, but if you are happy with this and you don’t maintain any customer data then whatever floats your boat dude, I just hope you don’t maintain any of my personal information in your systems…

VMs are not unbreakable as some vendors claim, they are very much breakable and can also leak data between VM guests as has been proven for example here: https://www.youtube.com/watch?v=pKYAXk2tHG8

This one is a great example too: https://www.youtube.com/watch?v=GoipioWrzAg

And so is this: https://www.youtube.com/watch?v=SjcKqVRjNHc

I guess the above can be hard to comprehend for people like /u/soucy but I hope the rest of you get a hint of not trusting VM isolation too much when it comes to protecting your golden eggs from the evil outside.

It’s sad that you think that VM environments are anywhere close to being secure, along with VLANs.

VLANs are still vulnerable to hardware, software and admin (configuration) malfunctions.

If you don’t care about the above then why even bother to encrypt the traffic at all?

By the way even “modern” virtualization hardware (as in Hyper-V, VMware and the others) still has issues with high levels of interrupts, where they can’t get anywhere close to running the very same software on a bare-metal setup. And interrupt handling is what sets the upper limit of performance available in a single installation.

OK whatever u/Apachez I’m not sure I can roll my eyes any harder.

So-called “physical” routers (which are increasingly becoming software routers with FPGAs to speed up specific operations) are vulnerable to all the things you just mentioned. NFV is a thing as much as you don’t want it to be. I don’t know what to tell you.

There is the (what should have been obvious) implication that you won’t be using the same level of hardware for a one-off VPN terminator that you would be using for your VM host. Of course if you’re comparing identical hardware then bare metal will be faster. The stand-alone server is prob. going to be a 1G connected box and the VM host can prob. deliver 10G if you’re doing it right so in a lot of cases the VM can be a faster option.

Also I’m not sure if you noticed but OP is looking for something that can do 2 Mbps so I’m not sure what you’re going on about. This isn’t a conversation about 10 Gbps of VPN throughput.

Hahhaa pure bullshit… the VM will never be able to perform more than baremetal.

If you have hardware with, let’s say, 20 cores, the bare-metal software appliance will always gain more performance than running through a VM on the very same hardware, which will slow it down, especially when it comes to IOPS, as in interrupts, as in packet handling.

And again, if you terminate your VPN straight into your inner core VM hardware you are doing it wrong… but sure, thanks to people like you there is still a need for security out there because it clearly doesn’t fix itself.

And once again, if you don’t care about security then why encrypt the traffic at all? :smiley:

Looking at your post history I’m convinced you’re just trolling now.