PIX to PIX VPN tunnel versus Cisco VPN sw client to Cisco VPN concentrator
I need to know if a PIX to PIX VPN tunnel would introduce more latency than a VPN link using Cisco VPN software client software to a Cisco VPN concentrator.
On my side is a PIX515 running 5.3(4) which also handles corporate Internet traffic. The other side is a PIX525 with 6.1(3). Accessing remote servers thru the tunnel from my side is noticeably slower than the same access but using the software client.
Is there some way to monitor cpu utilization on 5.3(4)? I realize 6.0(1) supports "show cpu usage" for this, but outside of upgrading to 6.x is there another way?
Re: PIX to PIX VPN tunnel versus Cisco VPN sw client to Cisco VP
Hi, to my knowledge there is no such command in 5.3.4. If your 515 is passing alot of internet traffic, then this will slow the VPN down. The only way to fix this on a 515 and above is to install a VAC to offload the encryption/decryption to a coprocessor. The client to concentrator option would definitely work much better because the concentrators job in life is VPN control and not firewalling. Both of these pieces of hardware run around $4000 msrp.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...