PIX to VPN3030 IPSEC performance?

Unanswered Question
Jun 21st, 2007
User Badges:

I am looking at a system with some 30 SA s, mainly from PIX 501 or 506 terminating on a central VPN3030. What should I expect in tunnel performance for 3DES?

I have seen various figures for the the VPN3030 ranging from a total of 9 Mbps to 15 Mbps. I am seeing significant congestion delays and lost traffic at much lower loadings, arround 100kbps per SA ie ~ 3 Mbps total through the central site. All traffic from the sites is sent down the SA and is a mix of FTP, Telnet and traffic from Oracle Java applet. Is this normal? Am I wasting my time with the VPN3030 should I be deploying an IPSEC VPN module in a CAT6500?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ianflgcsb Mon, 06/25/2007 - 05:28
User Badges:

Hi Peter,

We use a VPNc 3030 and terminate many different devices on it inc, pix, asa, routers etc. We havent noticed any problems with throughput over the tunnels.

We use an older SEP module and it handles 3DES encryption fine. You could check to make sure that the SEP module/s are enabled for your tunnels and that there is no bandwidth policies or default bandwidth policies in place??

The 3030 is a VPN platform designed for medium- to large-sized organizations with bandwidth requirements from full T1/E1 through T3/E3 (50 Mbps maximum performance) and up to 1500 simultaneous sessions.

Hope this helps.



srue Mon, 06/25/2007 - 07:18
User Badges:
  • Blue, 1500 points or more

what kind of bandwidth is feeding the site where the 3030 is?


This Discussion