Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1277
Views
0
Helpful
1
Replies

ASA RAS VPN performance monitoring via SNMP - is it enought to monitor CPU what about Accelerator?

SergGu
Level 1
Level 1

‎03-27-2020 06:13 AM

Hello,

 

Is it enough to monitor the number of connected users + main CPU to understand the overall health of ASA?

 

I'm concerned about VPN offload and as a result, the main CPU being flat while Crypro subsystem loaded and struggling

Here are some examples of "show crypto accelerator statistics"

https://etherealmind.com/verifying-ipsec-ssl-crypto-performance-cli/

[Capability]
Supports hardware crypto: True
Supports modular hardware crypto: False
Max accelerators: 1
Max crypto throughput: 325 Mbps
Max crypto connections: 5000

 

Can I pick real time information from CISCO-CRYPTO-ACCELERATOR-MIB ?

 

Thanks!

0 Helpful
1 Reply 1

SergGu
Level 1
Level 1

‎03-27-2020 07:47 AM

Apparently, there are TWO types of accelerators: hardware and software.

Not sure what units come with hardware accelerators. But the one with software does everything in the main CPU.

 

documentation -

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_3.html#wp3390933055

 

Usage Guidelines

The output statistics are defined as follows:

Accelerator 0 shows statistics for the software-based crypto engine.

Accelerator 1 shows statistics for the hardware-based crypto engine.

 

 

 

models - https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card