Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1792
Views
3
Helpful
4
Replies

Appropriate hardware for EZVPN server

Go to solution
David Williams
Level 1
Level 1

ā€Ž12-07-2010 06:59 AM

Cisco seems to be so profoundly vague on the vpn capabilities of their ISR G2 line that I need to reach out and ask for some advise from the experienced experts in this forum.  I need to appropriately size an EZVPN server for a 75 site VPN WAN with tunnels ranging in size from 1.5 to 5Mbps.  The liklihood  that any of these tunnels will utilize 100% capacity for any measurable period of time is not very good.  I would estimate the 95th percentile for each of these tunnels to be less than 1 Mbps download and maybe 500kbps upload.  Can anyone provide some advise or point me toward the elusive documentation that would allow me to make a decent comparison?  I was looking at either a 2900 series ISR or an ASA5510 but without details on the ISR it's all guessing.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Hamzah Kardame
Cisco Employee
Cisco Employee
In response to David Williams

ā€Ž12-08-2010 06:18 AM

Well, based on this thread:

https://supportforums.cisco.com/thread/344391

seems: "With IPSEC/AES we can do 848Mbps on a 3945 and 1400byte packets and the  2900s range from 150-280Mbps or so depending on which 2900."

Also, refer to the doc attached...seems helpful.

For more information on the 2900 routers in particular, you can have a look at the data sheet as well:

http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html

The truth of the matter is that we can't really give an exact answer to your question. It depends on the environment the router is deployed in, the kind of traffic it deals with and the type/volume of configuration on it as well.

sorry, couldn't be of more help with this!

View solution in original post

Preview file
119 KB
0 Helpful
4 Replies 4

Go to solution
Hamzah Kardame
Cisco Employee
Cisco Employee

ā€Ž12-07-2010 08:47 AM

Hi David,

I came across this :

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/data_sheet_c78-457320.html

Refer table 5; it mentions the different router platforms and the number of easy vpn tunnels they support respectively. Was this what you were looking for?

Go to solution
David Williams
Level 1
Level 1
In response to Hamzah Kardame

ā€Ž12-07-2010 03:55 PM

That is definitely more information than I had before.  Thank you!

The other factor is encrypted throughput.  At what point do you overwhelm the 2900?  If it has 75 tunnels on it, all of which can pull 5 Mbps, that is a potential of 375 Mbps of throughput and that is only in one direction.  Of course I don't anticipate that all tunnels will be downloading at full capacity at the same time, but having some idea of what that throughput is using different encryption algorithms is vital to choosing the correct hardware.  For example.  Is 150Mbps of bidirectional traffic using AES256 a realistic expectation for a 2901?  I don't know, and if I have to buy one and test it to find out then Cisco is doing a very poor job of either understanding their own product or communicating their capabilities.  I'm hoping I am just looking in the wrong place and the document that answers this is sitting out there somewhere. 

0 Helpful

Go to solution
Hamzah Kardame
Cisco Employee
Cisco Employee
In response to David Williams

ā€Ž12-08-2010 06:18 AM

Well, based on this thread:

https://supportforums.cisco.com/thread/344391

seems: "With IPSEC/AES we can do 848Mbps on a 3945 and 1400byte packets and the  2900s range from 150-280Mbps or so depending on which 2900."

Also, refer to the doc attached...seems helpful.

For more information on the 2900 routers in particular, you can have a look at the data sheet as well:

http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html

The truth of the matter is that we can't really give an exact answer to your question. It depends on the environment the router is deployed in, the kind of traffic it deals with and the type/volume of configuration on it as well.

sorry, couldn't be of more help with this!

Preview file
119 KB
0 Helpful

Go to solution
David Williams
Level 1
Level 1
In response to Hamzah Kardame

ā€Ž12-08-2010 07:46 PM

No apologies are necessary.  This is all I was looking for.  I understand that the numbers are only guidelines and are dependant upon what else we have the router doing.  Thank you for the information.

0 Helpful
Customers Also Viewed These Support Documents