Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2645
Views
0
Helpful
4
Replies

IPSec bandwith Limitations Firepower 2140

Go to solution
KevinKevin77455
Level 1
Level 1

‎12-22-2020 04:01 PM

Hi guys,

Are they any bandwith limitations per SA on IPsec l2l tunnel? Didnt make it more than 300Mbits on an 1Gbits wanlink

 

Firepower 2140 on both sides

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
KevinKevin77455
Level 1
Level 1

‎12-23-2020 10:32 AM

Hi i got answer from cisco:

 

The issue that is mentioned is addressed in the below documentation bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25274

     *   The FPR and ASA architecture works in a way, that each connection, SA for a better terminology, will utilize one crypto core.

     *   This means that we will not utilize the whole throughput for only one SA.

     *   This also means that the throughput in the datasheet is aggregated, meaning this is for ALL SAs.

     *   In FPR-2140 we’ll have one SA with throughput of ~350 Mbps, and we will keep it this way for each up coming SA, untill we max. out.

 

Cryptocores on2140 are 16cores

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎12-22-2020 11:59 PM

Hello,

 

according to Table 1 in the document linked below, IPSec VPN/L2L throughput should be 2Gbps.

 

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

 

 

0 Helpful

Go to solution
KevinKevin77455
Level 1
Level 1

‎12-23-2020 10:32 AM

Hi i got answer from cisco:

 

The issue that is mentioned is addressed in the below documentation bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25274

     *   The FPR and ASA architecture works in a way, that each connection, SA for a better terminology, will utilize one crypto core.

     *   This means that we will not utilize the whole throughput for only one SA.

     *   This also means that the throughput in the datasheet is aggregated, meaning this is for ALL SAs.

     *   In FPR-2140 we’ll have one SA with throughput of ~350 Mbps, and we will keep it this way for each up coming SA, untill we max. out.

 

Cryptocores on2140 are 16cores

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to KevinKevin77455

‎12-23-2020 11:01 AM

Really valuable information, thanks for sharing that !

0 Helpful

Go to solution
KevinKevin77455
Level 1
Level 1
In response to Georg Pauwen

‎12-23-2020 01:15 PM

Ure welcome georg stay healthy and inquisitive

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card