Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1591
Views
0
Helpful
3
Replies

ASA 5510 interface throughput

handsy
Level 1
Level 1

‎02-05-2013 04:09 AM - edited ‎03-11-2019 05:56 PM

I'm not clear about the capabilities of the ASA 5510 GigE interfaces (eth0/0 and eth0/1) with an without IPSEC tunnels enabled.

This page http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html shows a figure of 170Mbps 'Maximum 3DES/AES VPN Throughput'. Does that mean per IPSEC tunnel or for the whole interface if it is IPSEC-enabled?

Help appreciated

Labels:
0 Helpful
3 Replies 3

david.tran
Level 4
Level 4

‎02-05-2013 04:54 AM

that value does NOT mean anything.  The answer is "it depends".

Let say if you have 170 IPSec tunnel on the ASA and that all of the IPSec tunning tunnels are working at the same time, you are not going to get 170Mbps IPSec throughput.  If you have a single IPSec tunnel, then maybe.  Even at a single tunnel, you may not get 170Mbps IPSec tunnel with 64-bytes packet.

0 Helpful

handsy
Level 1
Level 1
In response to david.tran

‎02-05-2013 05:06 AM

Right, so it therefore means that if you have IPSEC-enabled on an interface, that interface max throughput is 170Mbps. That's the crux of it right?

0 Helpful

david.tran
Level 4
Level 4
In response to handsy

‎02-05-2013 11:45 AM

No, that is NOT true, according to my test. 

When you have IPSec enable on the interface, the non-IPSec traffics can go above 170Mbps.  You can not exceed 170Mbps IPSec throughput along with other IPSec traffics because the CPU will be busy processing IPSec traffics.

does it help?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card