02-05-2008 05:32 AM - edited 02-21-2020 03:32 PM
Hi,
I'm wondering if there are some figures available regarding the performance of a standard 1841 with the IOS image :
12.4(18) AdvipserviceK9
I configured 2 1841's it with a simple example (see attachment) but can't get greater speeds than 6 to 11 Mbit trough a tunnel.
I'm testing with default Iperf settings and 2 laptops which can get speeds of 75 up to 81 Mbit without a tunnel.
I'm just wondering what kind of performance one could expext with a setup like this, but I cannot find any figures within the Cisco Online documentation
Router1:
crypto isakmp policy 10
authentication pre-share
!
crypto isakmp key ciscokey address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn 10 ipsec-isakmp
set peer 200.1.1.1
set transform-set myset
!--- Include the private-network-to-private-network traffic
!--- in the encryption process:
match address 101
!
!
!
interface Ethernet0/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1/0
ip address 100.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map myvpn
!
ip classless
ip route 0.0.0.0 0.0.0.0 100.1.1.254
!
ip http server
no ip http secure-server
!
!--- Except the private network from the NAT process:
ip nat inside source list 175 interface Ethernet1/0 overload
!
!--- Include the private-network-to-private-network traffic
!--- in the encryption process:
access-list 101 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!--- Except the private network from the NAT process:
access-list 175 deny ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 175 permit ip 172.16.1.0 0.0.0.255 any
Router2
crypto isakmp policy 10
authentication pre-share
crypto isakmp key ciscokey address 100.1.1.1
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn 10 ipsec-isakmp
set peer 100.1.1.1
set transform-set myset
!--- Include the private-network-to-private-network traffic
!--- in the encryption process:
match address 101
!
!
!
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map myvpn
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.254
!
no ip http server
no ip http secure-server
!
!--- Except the private network from the NAT process:
ip nat inside source list 122 interface Ethernet1/0 overload
!--- Except the static-NAT traffic from the NAT process if destined
!--- over the encrypted tunnel:
ip nat inside source static 10.1.1.3 200.1.1.25 route-map nonat
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
!--- Except the private network from the NAT process:
access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 122 permit ip 10.1.1.0 0.0.0.255 any
!--- Except the static-NAT traffic from the NAT process if destined
!--- over the encrypted tunnel:
access-list 150 deny ip host 10.1.1.3 172.16.1.0 0.0.0.255
access-list 150 permit ip host 10.1.1.3 any
!
route-map nonat permit 10
match ip address 150
Solved! Go to Solution.
02-05-2008 05:52 AM
Here is a link on the VPN performance of most of the routers -
The throughput effect could be due to a variety of reasons -
a)Fragmentation of packets due to IPSEC and MTU issues
b) Higher ACL processing on the router for Crypto and NAT processes
c) Any other services which may be running.
While 45Mbps is the maximum throughput, our practice is to use 1841 upto 5Mbps of IPSEC only.
Let me know if it helps
02-05-2008 05:52 AM
Here is a link on the VPN performance of most of the routers -
The throughput effect could be due to a variety of reasons -
a)Fragmentation of packets due to IPSEC and MTU issues
b) Higher ACL processing on the router for Crypto and NAT processes
c) Any other services which may be running.
While 45Mbps is the maximum throughput, our practice is to use 1841 upto 5Mbps of IPSEC only.
Let me know if it helps
02-05-2008 06:02 AM
thanks .. this certainly helps.
It confirms with my lab test results.
Thank you !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide