Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
2
Replies

PIX - Crypto engine command

us10610
Level 4
Level 4

‎02-03-2006 08:20 AM - edited ‎03-03-2019 11:38 AM

We have 2 PIX 515e's configured with failover. I want to determine the usage and capacity of the units to guage how many site-to-site tunnels we can support.

I stumbled accross the #show crypto engine command and I get different output each time from both of the PIX's.

The command reference indicates that this command shows used and free uni-directional tunnels but I don't understand what this is measuring.

Does anybody know what this output is telling me? What is the best way to tell if your PIX is at capacity?

Thanks,

Labels:
0 Helpful
2 Replies 2

Patrick Laidlaw
Level 4
Level 4

‎02-03-2006 10:22 AM

You can also use the sh crypto ips sa to get peer vpn tunnel information that tells you how much each tunnel has encrypted and unencrypted.

Stats for the PIX

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

Its roughly 130mbs of encrypted throughput with the vpn accelerator card.

Patrick

0 Helpful

srue
Level 7
Level 7

‎02-03-2006 10:23 AM

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

PERFORMANCE SUMMARY

• Cleartext throughput: Up to 190 Mbps

• Concurrent connections: 130,000

• 168-bit 3DES IPSec VPN throughput: Up to 135 Mbps with VAC+ or 63 Mbps with VAC

• 128-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• 256-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• Simultaneous VPN tunnels: 2000

0 Helpful
Customers Also Viewed These Support Documents