Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

C871 Performance Issue with IPSec

What kind of throughput can I expect on my C871 running IPSec with 256 bit encryption ? I have a PIX 520 on the other end.

Here is the C871 IPSEC

crypto ipsec transform-set L2L esp-aes 256 esp-sha-hmac

I'm getting less than 1Mb/s on a 5Mb/s link.

Thanks

3 REPLIES

Re: C871 Performance Issue with IPSec

hi

can you revert back on how and where you are measuring this performance out there with ipsec ?

do you have any other applications like web access/mail access being accessed from the internet except this vpn ?

regds

New Member

Re: C871 Performance Issue with IPSec

I measured the throughput using the SHOW INTERFACE command on the WAN port with multiple file transfers going at the same time.

If I remove the C871 and go directly to the Internet router with no VPN I can get the 5 Mb/s I am alloted on the Interet link with the same multiple file transfers.

With the C871 and IPSec VPN the response is slower than my dedicated T-1 I am trying to replace.

Thanks.

New Member

Re: C871 Performance Issue with IPSec

According to cisco :

Q. What are the performance characteristics of the Cisco 870 Series and Cisco 850 Series Integrated Services Routers?

A. Aggregate performance with IPsec 3DES for the Cisco 870 Series is up to 8 Mbps with IMIX packets, and up to 30 Mbps with 1400-byte packets.

As a 3DES string is more complex to encrypt than with AES, I think you can achieve a min throughput of 20Mbps with some access lists, nat enabled, CBAC and so on...

I have configured a 3DES tunnel with a router with a Conexant chip, and the throughput was already more than 1Mb/s with a 851 router (851 %cpu : about 30%, conexant %cpu : 100%).

When the tunnel is established, check the %cpu used on your 871 with the "show proc cpu hist" command.

And if you hit 100%, then "show proc cpu sorted" should tell you which process is wasting the router cpu cycles.

555
Views
0
Helpful
3
Replies
CreatePlease to create content