Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2335
Views
15
Helpful
8
Replies

Does FPR-2110 have bandwith limitations per SA on IPsec l2l tunnel ?

Go to solution
Loc Nguyen
Level 1
Level 1

‎03-24-2021 03:30 PM

Hi,

 

We have two Cisco  FPR-2110 set up site to site vpn.

 

We tested without firewalls, the bandwidth between two sites is 500Mbps.

 

But when we have the Firewall set up site to site vpn, the maximum speed we can have for a TCP Iperf3 test is 150Mbps.

 

Does FPR-2110 have bandwith limitations per SA on IPsec l2l tunnel ?

 

 
There link above talking about it.  What do you think?

 

Thanks

 

Loc

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Loc Nguyen
Level 1
Level 1

‎04-08-2021 09:14 AM

Update:

After a month troubleshoot with several Cisco TACs. We escalated our case to the highest level of TAC security Team.

 

They confirm it is a bug. Can not do anything to make it better.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25274

 

Thanks everyone for trying to help.

 

Loc

View solution in original post

0 Helpful
8 Replies 8

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-24-2021 03:57 PM

is this ASA code running on FP ?  then that is correct as per the datasheet.

 

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Loc Nguyen
Level 1
Level 1
In response to balaji.bandi

‎03-24-2021 04:50 PM

Balaji,

 

I assume you meant FP=FirePower. Yes, the firewall is FP.

 

 I looked into the link you sent, I don't see any information it says the speed limitation of an SA. Could you help to point out?

 

Thanks

Loc

 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Loc Nguyen

‎03-24-2021 05:02 PM - edited ‎03-24-2021 05:03 PM 

 since the device support both. but people can run any code on this device, either FTD or ASA, so the original post does not mention you running FTD or ASA, so hence the question asked.

 

ASA 

 

image.png

FTD

 

 

image.png

 

what is your internet or WAN bandwidth capacity? with out FP have you able to get more than 500MB as per your testing ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Loc Nguyen
Level 1
Level 1
In response to balaji.bandi

‎03-24-2021 05:43 PM

Thanks Balaji again, our FP never get more than 150Mbps. 

 

I am sure that our ISP's ckt speed is stable around 500Mbps. We tested it many times.

 

I think there something on the firewall cause it but I dont know where.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Loc Nguyen

‎03-24-2021 05:53 PM - edited ‎03-24-2021 05:54 PM

Do you have any IPS other features enabled?

 

is the interface connected have good negotiation? what kind of switches? do you see any errors on switch or output drops?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Loc Nguyen
Level 1
Level 1
In response to balaji.bandi

‎03-24-2021 06:31 PM

No, I don't have IPS.

 

Connection looks good. Full duplex 1000Mbps. No drops, no errors on switches and Firewalls.

0 Helpful

Go to solution
Loc Nguyen
Level 1
Level 1
In response to balaji.bandi

‎03-24-2021 05:44 PM

and Yes, the firewall is used as FTD. Not ASA.

0 Helpful

Go to solution
Loc Nguyen
Level 1
Level 1

‎04-08-2021 09:14 AM

Update:

After a month troubleshoot with several Cisco TACs. We escalated our case to the highest level of TAC security Team.

 

They confirm it is a bug. Can not do anything to make it better.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25274

 

Thanks everyone for trying to help.

 

Loc

0 Helpful
Customers Also Viewed These Support Documents