VPN throughput on the ASA5505

Unanswered Question
Oct 13th, 2008

I am reading the ASA 5505 and I wonder if someone can explain this to me:

I have a Checkpoint Firewall Secureplatform NGx R65 running on IBM x3650

with two processors quad-core 3.2 Ghz with 4GB RAM. Behind the Checkpoint

firewall is also an IBM x3650 Redhat Linux 4 ES.

I have an ASA 5505 running version 8.0(4). Behind the ASA 5505 is an

IBM x3650 Redhat Linux 4 ES. Everything is connected to a Catalyst 3750

running IOS version 12.2(25) copper Gig interfaces switchport.

I have Site-2-Site VPN between the Checkpoint firewall and the ASA 5505.

The VPN tunnel is AES-256/DH-5/PFS Group5. The tunnel is working fine.

However, I can NOT push more than 20Mbps through the VPN tunnel. I use

IPERF to test the throughput across the VPN tunnel. The CPU usage

on the ASA, at 20Mbps, is about 95% utilization.

If I replace the ASA with another Checkpoint firewall, I can easily

push over 200Mbps+ across the VPN tunnel with Iperf.

When I read the Cisco documentation, it stated that the ASA 5505 can push

up to 100Mbps VPN throughput, according to this link:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Has anyone been able to push 100Mbps VPN throughput with the ASA 5505?

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion