Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
3
Replies

vpn performance cisco 2851, why does not full speed if it can do that?

Roberto Casagrande
Level 1
Level 1

‎01-18-2018 03:56 AM - edited ‎03-12-2019 04:55 AM

Hi to all ,

(schema of the network :

pcclient<---->routerc2851<---(70Mbit)--->internet<---300Mbit--->routerasr1000<---->serverFTP
The router cisco2851 is linked to internet with 70 Mbit\s of the bandwith. I tested the performance with pc client inside the lan of the router 2851 and the other side a server with service of FTP.
Test:
1) download with crypto 8.024.kbit
2) download w\o crypto 14.408 kbit
3) two download in the same time the interface public arrived (w\o crypto) 28.839kbit

 

The quesions are:
1) why does the single download not arriving to this performance (28.839Kbit) ? and what can I do?
2) why does not use all bandwith that we have (70Mbit)?

Thanks a lot for the time that dedicated to me..

ciao

Labels:
0 Helpful
3 Replies 3

Mohammed al Baqari
Level 11
Level 11

‎01-18-2018 05:23 AM

Hi, 2800 router perform IPSec encry/decry in software. Therefore its normal
to see w/crypto slower than w/ocrypto. Now regarding session speed you need
to check the limits on server and ftp application. Also, look in the router
in case of qos config blocking it
0 Helpful

Roberto Casagrande
Level 1
Level 1
In response to Mohammed al Baqari

‎01-18-2018 06:23 AM

thanks Mohammed,

I don't have the qos and the server not have limitation. I tested in local lan and I trasfered a file in 822.432 Kbit

sh crypto engine brief
        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Enabled
                  Location:  onboard 0
              Product Name:  Onboard-VPN
                FW Version:  01100200
              Time running:  189698 seconds
               Compression:  Yes
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  0300
          Maximum SA index:  0300
        Maximum Flow index:  0600
      Maximum RSA key size:  2048


        crypto engine name:  Cisco VPN Software Implementation
        crypto engine type:  software
             serial number:  2B9355AA
       crypto engine state:  installed
     crypto engine in slot:  N/A

 

thanks

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to Roberto Casagrande

‎01-19-2018 09:15 AM

It might be limited by providers or international carriers. I have seen
such limitations in regions like south east asia while copying from states
or middle east. To overcome this usually enterprise file replication or
private torrents are used
0 Helpful
Customers Also Viewed These Support Documents