ISR4431 SEC Throughput Limit - Page 2

TONY SMITH · ‎05-23-2019

Hi,

We have an ISR4431 which according to it's logs is hitting it's IPsec limit indicated by "Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license."

Although this router does have some IPsec traffic from VPN tunnels, it does not appear that the amount of traffic on those tunnels should be enough to be tripping this limit as often as it seems. So we're suspecting that the limit may not apply exactly as we thought. Does anyone know if either of the following apply?

(1) Does the limit of 85meg apply to the total transmit traffic, so long as it includes some IPsec? For example sending 10meg of IPsec + 80meg unencrypted.

(2) Does it include IPsec traffic passing through the router but not encrypted by it, for example traffic from a third-party VPN appliance?

Thanks, Tony S

Joseph W. Doherty · ‎01-22-2021

PS:

Seeing Georg's link (after posting my reply), seems to confirm what I recall.

BTW, in that reference, I may have missed it, but even when the restrictions were their toughest, I also recall (?) although you couldn't export a too "good" encryption program, you could "export" the source code for such a program.

I also recall you could import a too "good" encryption program, from anywhere in the world, w/o restriction (at least on the US end).

Basically what it all boils down to, the US government doesn't object to encryption as long as they can break it. They really do have legitimate reasons for their desire to break encryption, but the other side of the coin is, for those securing their information, if they can break it, who else can?

PPS:

Lastly, regarding number of tunnels, that might be just a Cisco licensing restriction.

ChristopherCraddock66504 · ‎01-22-2021

Wow! So many helpful replies! Thanks everyone. Its definitely a bizarre situation but one that could be understandable.

Thanks again everyone!