Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Only 5Mbps through 2821-2821 3DES

My initial tests are showing throughput maxing out at 5Mbps when trying to transfer files using SCP via a tunnel run between two 2821s with the built-in hardware encryption. While I am tracking down all the other possible bottlenecks in the path - can someone confirm if anything special needs to be done to enable the hardware encryption to take over? My tunnel is encrypting and decrypting fine. No errors and good latency. But I am expecting to see far better than just 5Mbps. Thanks.

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key xxxx address x.x.x.x

crypto ipsec transform-set vpn esp-des esp-md5-hmac

crypto map VPNs 10 ipsec-isakmp

description vpn to boulder

set peer 172.22.25.199

set transform-set vpn

match address 180

4 REPLIES
New Member

Re: Only 5Mbps through 2821-2821 3DES

This may be a TCP windowing issue. If you have about 40 ms latency each way on your link, 5 Mbps is all you will get with a 64 kb default TCP window. Increase the size to 400 kb and try again.

New Member

Re: Only 5Mbps through 2821-2821 3DES

I don't think there's an option to change the TCP window within open SSH. The latency in the lab I'm working in is actually very low - like 12ms.

New Member

Re: Only 5Mbps through 2821-2821 3DES

I agree with the gentleman who brought up RTT throughput impact on TCP. Otherwise, I don't see anything that would impact throughput in the config snippet. We normally figure on 80mb one way between two 2821's using the Cisco VPN hardware, we normally get much higher rates than 80mb though.

The one item I wanted to point out is that you're running DES56, not Triple DES. If you wanted to run Triple DES you should have "esp-3des" in the transform set instead of "esp-des".

Rob

New Member

Re: Only 5Mbps through 2821-2821 3DES

Thanks for noticing that on the DES. This is a lab I inherited - honest!

252
Views
0
Helpful
4
Replies
CreatePlease login to create content