I am reading the ASA 5505 and I wonder if someone can explain this to me:
I have a Checkpoint Firewall Secureplatform NGx R65 running on IBM x3650
with two processors quad-core 3.2 Ghz with 4GB RAM. Behind the Checkpoint
firewall is also an IBM x3650 Redhat Linux 4 ES.
I have an ASA 5505 running version 8.0(4). Behind the ASA 5505 is an
IBM x3650 Redhat Linux 4 ES. Everything is connected to a Catalyst 3750
running IOS version 12.2(25) copper Gig interfaces switchport.
I have Site-2-Site VPN between the Checkpoint firewall and the ASA 5505.
The VPN tunnel is AES-256/DH-5/PFS Group5. The tunnel is working fine.
However, I can NOT push more than 20Mbps through the VPN tunnel. I use
IPERF to test the throughput across the VPN tunnel. The CPU usage
on the ASA, at 20Mbps, is about 95% utilization.
If I replace the ASA with another Checkpoint firewall, I can easily
push over 200Mbps+ across the VPN tunnel with Iperf.
When I read the Cisco documentation, it stated that the ASA 5505 can push
up to 100Mbps VPN throughput, according to this link:
Has anyone been able to push 100Mbps VPN throughput with the ASA 5505?