Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Performance Degradation for VPN 3005 Concentrator

I am getting 60% slower file transfer performance with 3005 compare to 15% with 3030 in peer-to-peer environment.

Any advise to optimize 3005 is appreciated.

thanks,

Audie

  • Other Security Subjects
3 REPLIES
Bronze

Re: Performance Degradation for VPN 3005 Concentrator

Hi Audie,

3030 has an encryption module (SEP) and hence has more encryption throughput.

Do you know how much data you are encrypting/decrypting in the concentrator

Are you terminating other tunnels like PPTP, Client IPSEC etc.

Thanks

New Member

Re: Performance Degradation for VPN 3005 Concentrator

Hi JFrahim,

I am running using IPSec only. The test was based on two peer-to-peer clients in Aironet 1200/350 WLAN.

In WLAN-to-WLAN file transfer between two IPSec clients, the performance hit was 60% comparing without VPN. in WLAN-to-wired LAN, the performace hit was 47% since there was half RF transfer in this setup.

Thanks,

Audie

New Member

Re: Performance Degradation for VPN 3005 Concentrator

How many IPSec sessions you have? What is the used bandwith? VPN3005 does not have crypto accelerate card as VPN3030. You can improve the performance in many ways. You can modify the IPSec authentication algorythm to be more simple for the CPU (like to change from SHA (preffered) to MD5) and many other. Changing the SHA1 to MD5 will decrease the CPU usage in 10% if it is overloaded with crypting and hashing. More for SHA1 you can find at http://www.secure-hash-algorithm-md5-sha-1.co.uk

There are also few other things you can do. Chech if yoh have LZS compression turned on at VPN configuration. If so, you can turn it off.

Also there are performance problems because of bugs. If the statistics of your VPN clients says that there are many dropped packets, you should upgrade both VPN client and VPN concentrator ASAP.

179
Views
5
Helpful
3
Replies
This widget could not be displayed.