VPN throughput on the ASA5505

Unanswered Question
Oct 13th, 2008
User Badges:
  • Silver, 250 points or more

I am reading the ASA 5505 and I wonder if someone can explain this to me:

I have a Checkpoint Firewall Secureplatform NGx R65 running on IBM x3650

with two processors quad-core 3.2 Ghz with 4GB RAM. Behind the Checkpoint

firewall is also an IBM x3650 Redhat Linux 4 ES.

I have an ASA 5505 running version 8.0(4). Behind the ASA 5505 is an

IBM x3650 Redhat Linux 4 ES. Everything is connected to a Catalyst 3750

running IOS version 12.2(25) copper Gig interfaces switchport.

I have Site-2-Site VPN between the Checkpoint firewall and the ASA 5505.

The VPN tunnel is AES-256/DH-5/PFS Group5. The tunnel is working fine.

However, I can NOT push more than 20Mbps through the VPN tunnel. I use

IPERF to test the throughput across the VPN tunnel. The CPU usage

on the ASA, at 20Mbps, is about 95% utilization.

If I replace the ASA with another Checkpoint firewall, I can easily

push over 200Mbps+ across the VPN tunnel with Iperf.

When I read the Cisco documentation, it stated that the ASA 5505 can push

up to 100Mbps VPN throughput, according to this link:


Has anyone been able to push 100Mbps VPN throughput with the ASA 5505?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Wed, 10/15/2008 - 04:31
User Badges:
  • Silver, 250 points or more

Does anyone have insights to this? Thanks.


This Discussion