PIX - Crypto engine command

us10610
Level 4

We have 2 PIX 515e's configured with failover. I want to determine the usage and capacity of the units to gauge how many site-to-site tunnels we can support.

I stumbled across the #show crypto engine command and I get different output each time from both of the PIX's.

The command reference indicates that this command shows used and free uni-directional tunnels but I don't understand what this is measuring.

Does anybody know what this output is telling me? What is the best way to tell if your PIX is at capacity?

Thanks,

2 Replies

Patrick Laidlaw
Level 4

You can also use the sh crypto ips sa to get peer vpn tunnel information that tells you how much each tunnel has encrypted and unencrypted.

Stats for the PIX

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

It's roughly 130mbs of encrypted throughput with the VPN accelerator card.

Patrick

srue
Level 7

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

PERFORMANCE SUMMARY

• Cleartext throughput: Up to 190 Mbps

• Concurrent connections: 130,000

• 168-bit 3DES IPSec VPN throughput: Up to 135 Mbps with VAC+ or 63 Mbps with VAC

• 128-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• 256-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+

• Simultaneous VPN tunnels: 2000
