Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5721
Views
0
Helpful
3
Replies

3845 IPSec throughput

Itap
Level 1
Level 1

‎02-23-2012 11:26 PM - edited ‎02-21-2020 05:53 PM

Hi

We want to use cisco 3845 and pick up IPSec, with remote side. But I am afraid that cisco 3845 can't handle 155 Mbits over IPsec.

We will buy AIM-VPN/SSL3 card. Is this sufficient?

Or need something else.

Sorry for my English

Thanks.

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-24-2012 08:53 AM

Please see the data sheet specifications here. It states:

• The Cisco 3800 Series Module (AIM-VPN/SSL-3) can provide hardware-based IPSec encryption services of 160 and 185 Mbps in the Cisco 3825 and 190 and 210 Mbps in the Cisco 3845 (IPSec IMIX and 1400-byte packets).Text Box: 1

1IPSec numbers are maximum values based on the Spirent IPSec IMIX definition and 1400-byte packet size. Each test is performed with a single tunnel. Customers are urged to consult with the Cisco account team and review all Cisco VPN solution design guides for greater detail on deployment options and scaling. Cisco recommends IPsec user to also review the Cisco Solution Design Guides for more specific information on scaling http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf and

http://www.cisco.com/en/US/customer/netsol/ns656/networking_solutions_design_guidances_list.html.

So, yes, 3845 with AIM-VPN/SSL3 card would be sufficient to handle 155 Mbps of IPSec traffic.

0 Helpful

Itap
Level 1
Level 1
In response to Marvin Rhoads

‎02-26-2012 09:01 PM

Thank you.

One another question.

What throughput must be between to devices to handle 155 Mbps of IPSec traffic?

I mean it must be also 155 Mbits, or greater.

We must buy channel.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Itap

‎02-28-2012 10:53 AM

Well, services offered vary widely according to your local service providers. Here in USA, for instance, data center or Metro Ethernet services to offices are typically provisioned over Gigabit Ethernet facilities (interfaces) with some portion of that guaranteed and tarriffed (charged) for the level of service (throughput) guaranteed for your connection.

If the IPsec "throughput" (i.e. customer observed data rate between end hosts) needs to be 155 Mbps, then yes the service between offices must be some number greater - accounting for the encapsulation, signalling etc. You could figure it out mathematically but most customers would just order the tier of service that gives one some room for growth. So, for instance if by pure calculation you decide you need, say, 180 Mbps then just order 200 Mbps (or next available service tier).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents