Cisco Support Community

New Member

PIX 515e - Show crypto engine output

We have 2 515e connected in failover. I am trying to determine how much capacity is available for additional IPSec tunnels. I stumbled across the command "show crypto engine" and it shows me free and used unidirectional tunnels.

I seem to get different numbers each time I run the command so I am not sure what this command is measuring.

Does anybody have any suggestions of how to measure tunnel capacity? What does this command tell me?



Re: PIX 515e - Show crypto engine output


size is the total number of unidirectional IPSec tunnels, free is the number of unused unidirectional IPSec tunnels, used is the number of allocated unidirectional IPSec tunnels, and active is the number of active unidirectional IPSec tunnels. Because tunnel 0 is reserved for system use, size is equal to free plus used plus one.

For more info, do check this link.


New Member

Re: PIX 515e - Show crypto engine output

It's strange though, I can run the command on either the primary or the failover and get 3 different numbers for size, free, used and active. The size will be 64, then 32, then 8. They always equal (free + used = size - 1) but the size ranges anywhere between 8-64.

I wonder if it allocates chunks of memory when there are active tunnels, like 2 tunnels uses an 8mb chunk 4 used 3 when you start the 5th tunnel it increases the size to 32, and so on.

I'm looking for the best way to determine when the PIX is getting near capacity.