03-11-2014 12:47 PM - edited 02-21-2020 07:33 PM
Hello,
I recently configured an IPsec tunnel over an 1GE-Connection. As we need nearly 1GBit we decided to use two 3945 with Crypto Engine.
Now that we configured the connection unfortunately the speed is quite slower than expected. We tried to copy a large file using Windows through this connection an we got approx 30 MB/s. Same tests in internal networks leads to 80 to 100 MB/s (thats what I nearly expected). PRTG says something about 240 MBit/s
So first of all two questions:
- Has anybody values to compare?
- Any ideas how to get this faster? Now I am using AES. The Crypto Engine is enabled (show crypto engine configuration tells me VPN Module onboard - disabled / ISM VPN Accelerator in Slot 0 - enabled)
Last idea I had was the line not being real 1 GE, but that is a bit more difficult to check without interrrupting traffic.
Any help is appreciated, thanks in advance,
Andreas
03-11-2014 10:17 PM
All other factors being negligible and assuming a 3945E with HSEC license, you should be able to get about 800 Mbps of IPsec throughput with IMIX traffic over a single tunnel IPSec VPN. Without the HSEC license you will be artifically limited.
If you add zone-based firewall and QoS features the performance will decrease.
That said, your provider contract or service portal should define the actual commited rate on the 1 Gbps physical interface. Here in the US at least, it is often less that the full 1 Gbps.
03-12-2014 12:57 AM
03-16-2014 10:41 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide