Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX - Crypto engine command

We have 2 PIX 515e's configured with failover. I want to determine the usage and capacity of the units to guage how many site-to-site tunnels we can support.

I stumbled accross the #show crypto engine command and I get different output each time from both of the PIX's.

The command reference indicates that this command shows used and free uni-directional tunnels but I don't understand what this is measuring.

Does anybody know what this output is telling me? What is the best way to tell if your PIX is at capacity?

Thanks,

2 REPLIES

Re: PIX - Crypto engine command

You can also use the sh crypto ips sa to get peer vpn tunnel information that tells you how much each tunnel has encrypted and unencrypted.

Stats for the PIX

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

Its roughly 130mbs of encrypted throughput with the vpn accelerator card.

Patrick

Gold

Re: PIX - Crypto engine command

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

PERFORMANCE SUMMARY

• Cleartext throughput: Up to 190 Mbps

• Concurrent connections: 130,000

• 168-bit 3DES IPSec VPN throughput: Up to 135 Mbps with VAC+ or 63 Mbps with VAC

• 128-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• 256-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• Simultaneous VPN tunnels: 2000

102
Views
0
Helpful
2
Replies