02-05-2010 04:34 PM - edited 03-04-2019 07:25 AM
I need to create a layer 2 tunnel with a router and a pix 501 and each end. But, if I use IPsec on a the pix501, the throughput is only 5 or so mpbs. Cleartext on a 501 is 60mbps. I can setup a psuedowire on the router, but I don't think the pix 501 supports it? Any ideas? Can I use ipsec with l2tp tunnel, but some how turn off encyrtion to get more throughput?
02-05-2010 04:43 PM
The obvious question to ask here is what your business requirement is. If traffic must be encrypted and you need over 4.5 Mbps of throughput, then it's time to replace the PIX 501 with an ASA5505 or 800 series router.
If encryption isn't a firm requirement, one compromise might be to configure the IPSec tunnel with AH rather than ESP. You'll still get pretty high throughput and be protected against the data being modified. However, it will not be encrypted.
02-05-2010 04:49 PM
Encryption is not a requirement, but we do need more than 5mbps throughput.
Is it possible to setup a straight l2tp tunnel on the 501?
02-08-2010 10:00 AM
Yes, the PIXes do support L2TP. Here's a sample config for version 6.3 to a Windows 2000 box:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800942ad.shtml
But if your L2TP tunnel requires encryption, I'm pretty sure you will be knocked down to 4.5 Mb/s throughput.
If it were me, and the other device was a router, I'd just use IPSec w/ AH.
02-12-2010 03:11 PM
Yes the other device is a 7206 router.
How can I setup IPsec with just AH to get the throughput high as possible?
02-05-2010 09:35 PM
Hi,
if it help full please give me rateing
thanks you,
Arup
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide