02-03-2006 08:20 AM - edited 03-03-2019 11:38 AM
We have 2 PIX 515e's configured with failover. I want to determine the usage and capacity of the units to guage how many site-to-site tunnels we can support.
I stumbled accross the #show crypto engine command and I get different output each time from both of the PIX's.
The command reference indicates that this command shows used and free uni-directional tunnels but I don't understand what this is measuring.
Does anybody know what this output is telling me? What is the best way to tell if your PIX is at capacity?
Thanks,
02-03-2006 10:22 AM
You can also use the sh crypto ips sa to get peer vpn tunnel information that tells you how much each tunnel has encrypted and unencrypted.
Stats for the PIX
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html
Its roughly 130mbs of encrypted throughput with the vpn accelerator card.
Patrick
02-03-2006 10:23 AM
PERFORMANCE SUMMARY
Cleartext throughput: Up to 190 Mbps
Concurrent connections: 130,000
168-bit 3DES IPSec VPN throughput: Up to 135 Mbps with VAC+ or 63 Mbps with VAC
128-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+
256-bit AES IPSec VPN throughput: Up to 130 Mbps with VAC+
Simultaneous VPN tunnels: 2000
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: