We have 2 515e connected in failover. I am trying to determine how much capacity is available for additional IPSec tunnels. I stumbled across the command "show crypto engine" and it shows me free and used unidirectional tunnels.
I seem to get different numbers each time I run the command so I am not sure what this command is measuring.
Does anybody have any suggestions of how to measure tunnel capacity? What does this command tell me?
size is the total number of unidirectional IPSec tunnels, free is the number of unused unidirectional IPSec tunnels, used is the number of allocated unidirectional IPSec tunnels, and active is the number of active unidirectional IPSec tunnels. Because tunnel 0 is reserved for system use, size is equal to free plus used plus one.
It's strange though, I can run the command on either the primary or the failover and get 3 different numbers for size, free, used and active. The size will be 64, then 32, then 8. They always equal (free + used = size - 1) but the size ranges anywhere between 8-64.
I wonder if it allocates chunks of memory when there are active tunnels, like 2 tunnels uses an 8mb chunk, 4 used 3 free... so when you start the 5th tunnel it increases the size to 32, and so on.
I'm looking for the best way to determine when the PIX is getting near capacity.