ASA 5585-X (ASA5585-SSP-40) maximum SSL VPN throughput

I am not sure where you see the throughput for SSL VPN.

I found that it does not have the same throughput as 3DES/AES IPsec VPN

 

Here we can see that it got 3Gbps for 3DES/AES IPsec VPN

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-730903.html


balaji.bandi
Hall of Fame

As per my understanding, it is combined VPN throughput for both.

 

BB


Cristian Matei
VIP Alumni

Hi,

  

   Where have you found that for SSL traffic, performance is different? All ASA platforms have the same performance (in theory and Data Sheet) for both IPsec and SSL, as in the end the data traffic gets encrypted via 3DES or AES for both VPN types. So the encryption performance is just for encryption using those algorithms, regardless of how you end up using it, via SSL or IPsec.

 

Regards,

Cristian Matei.

So the throughput should then be 3 Gbps?

Correct.

IPsec and TLS/SSL specs can be somewhat different:

 

E.g.: FPR2110 with FTD image: 365Mbps TLS vs 800Mbps IPsec, per datasheet: https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

 

E.g.: ASA5516: 285Mbps TLS vs 250Mbps IPsec, per datasheet: https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/datasheet-c78-742475.html

 

But Cisco seems to leave off the TLS test conditions (e.g.: no packet-size info in the above datasheets), and often doesn't even publish the TLS spec (e.g.: see the ASA-image info in the above FPR2110 datasheet; e.g. 2: see the 5585 datasheet https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-730903.html).
