02-05-2013 04:09 AM - edited 03-11-2019 05:56 PM
I'm not clear about the capabilities of the ASA 5510 GigE interfaces (eth0/0 and eth0/1) with an without IPSEC tunnels enabled.
This page http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html shows a figure of 170Mbps 'Maximum 3DES/AES VPN Throughput'. Does that mean per IPSEC tunnel or for the whole interface if it is IPSEC-enabled?
Help appreciated
02-05-2013 04:54 AM
that value does NOT mean anything. The answer is "it depends".
Let say if you have 170 IPSec tunnel on the ASA and that all of the IPSec tunning tunnels are working at the same time, you are not going to get 170Mbps IPSec throughput. If you have a single IPSec tunnel, then maybe. Even at a single tunnel, you may not get 170Mbps IPSec tunnel with 64-bytes packet.
02-05-2013 05:06 AM
Right, so it therefore means that if you have IPSEC-enabled on an interface, that interface max throughput is 170Mbps. That's the crux of it right?
02-05-2013 11:45 AM
No, that is NOT true, according to my test.
When you have IPSec enable on the interface, the non-IPSec traffics can go above 170Mbps. You can not exceed 170Mbps IPSec throughput along with other IPSec traffics because the CPU will be busy processing IPSec traffics.
does it help?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide