08-02-2007 06:18 AM - edited 02-21-2020 03:11 PM
What kind of throughput can I expect on my C871 running IPSec with 256 bit encryption ? I have a PIX 520 on the other end.
Here is the C871 IPSEC
crypto ipsec transform-set L2L esp-aes 256 esp-sha-hmac
I'm getting less than 1Mb/s on a 5Mb/s link.
Thanks
08-03-2007 03:13 AM
hi
can you revert back on how and where you are measuring this performance out there with ipsec ?
do you have any other applications like web access/mail access being accessed from the internet except this vpn ?
regds
08-03-2007 05:35 AM
I measured the throughput using the SHOW INTERFACE command on the WAN port with multiple file transfers going at the same time.
If I remove the C871 and go directly to the Internet router with no VPN I can get the 5 Mb/s I am alloted on the Interet link with the same multiple file transfers.
With the C871 and IPSec VPN the response is slower than my dedicated T-1 I am trying to replace.
Thanks.
08-04-2007 10:28 AM
According to cisco :
Q. What are the performance characteristics of the Cisco 870 Series and Cisco 850 Series Integrated Services Routers?
A. Aggregate performance with IPsec 3DES for the Cisco 870 Series is up to 8 Mbps with IMIX packets, and up to 30 Mbps with 1400-byte packets.
As a 3DES string is more complex to encrypt than with AES, I think you can achieve a min throughput of 20Mbps with some access lists, nat enabled, CBAC and so on...
I have configured a 3DES tunnel with a router with a Conexant chip, and the throughput was already more than 1Mb/s with a 851 router (851 %cpu : about 30%, conexant %cpu : 100%).
When the tunnel is established, check the %cpu used on your 871 with the "show proc cpu hist" command.
And if you hit 100%, then "show proc cpu sorted" should tell you which process is wasting the router cpu cycles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide