PIX - Crypto engine command
02-03-2006 08:20 AM - edited 03-03-2019 11:38 AM
We have 2 PIX 515e's configured with failover. I want to determine the usage and capacity of the units to gauge how many site-to-site tunnels we can support.
I stumbled across the #show crypto engine command and I get different output each time from both of the PIX's.
The command reference indicates that this command shows used and free uni-directional tunnels but I don't understand what this is measuring.
Does anybody know what this output is telling me? What is the best way to tell if your PIX is at capacity?
Thanks,

02-03-2006 10:22 AM
You can also use the sh crypto ips sa to get peer vpn tunnel information that tells you how much each tunnel has encrypted and unencrypted.
Stats for the PIX
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html
It's roughly 130mbs of encrypted throughput with the VPN accelerator card.
Patrick
02-03-2006 10:23 AM
PERFORMANCE SUMMARY
• Cleartext throughput: Up to 190 Mbps
• Concurrent connections: 130,000
• 168-bit 3DES IPSec VPN throughput: Up to 135 Mbps with VAC+ or 63 Mbps with VAC
• 128-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+
• 256-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+
• Simultaneous VPN tunnels: 2000
