Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1118
Views
3
Helpful
1
Replies

ASA SSL VPN - impact on CPU

Paul Cummings
Level 1
Level 1

‎08-17-2011 04:18 AM

Hi,

Does anyone have any information on how much the CPU is impacted by SSL VPNs on Cisco ASA 5500's?

I believe that the ASA offloads a lot of its encryption/decryption on a built in VPN accelerator rather than placing load on the main CPU. Is this correct?

According to the ASA 5520 specs - it can handle a throughput of up to 225Mbps of VPN traffic. Of course, it does not say whether this is SSL or IPSEC but I would like to understand what impact say 100Mbps of SSL VPN traffic would have on the main CPU.

Can anyone please advise?

We need this information to gauge whether an existing firewall has enough capacity to cope with existing load plus additional new SSL VPNs.

Thanks

Paul

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎08-17-2011 04:34 AM

Paul,

I would suggest to run this by your SE to get precise number.

You are correct that normally both ipsec and ssl dataplane should be handled by accelaration module. However in case of SSL some exceptions apply.

Most notably, with compression, but also dependong on RSA key size (if my memory serves me well 2048 key will cause CPU processing).

When I look at performance numbers for throughput I alwaus assume 1400 byte UDP packets with almost no latency nor packet drop :]

Marcin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents