Improving VPN performance

Discussion in 'Cisco' started by Frank Toner, Apr 25, 2004.

  1. Frank Toner

    Frank Toner Guest

    Our VPN solution has three remote sites. Two of which are small offices(not
    more than 15 users), the third site has over 50 and performance is not what
    I would like it to be. Can I adjust just one tunnel to improve their
    bandwidth? What commands would I use and where would they go. We are using a
    PIX 506 to 1700 series routers with isakmp and IPSec.

    Frank Toner
     
    Frank Toner, Apr 25, 2004
    #1
    1. Advertising

  2. Frank Toner

    mh Guest

    Check out the CPU utilization on the 506's (show cpu usage} during busy hour

    Are the PIXs 506's or 506E's ???


    =============================================================================

    Model Cisco PIX 506 Cisco PIX 506E

    Processor 200-MHz Intel Pentium MMX 300-MHz Intel Celeron

    VPN throughput* 10 Mbps 16 Mbps
     
    mh, Apr 25, 2004
    #2
    1. Advertising

  3. In article <20Dic.9309$>,
    Frank Toner <> wrote:
    :Our VPN solution has three remote sites. Two of which are small offices(not
    :more than 15 users), the third site has over 50 and performance is not what
    :I would like it to be. Can I adjust just one tunnel to improve their
    :bandwidth?

    I am not clear on what manner of 'adjustment' you are asking about ?

    There is no way on any current PIX release to adjust relative bandwidth
    allocations.

    :What commands would I use and where would they go. We are using a
    :pIX 506 to 1700 series routers with isakmp and IPSec.

    You might be able to adjust bandwidths on the 1700, but I seem to
    recall the 1700 as not being the most flexible router on the block,
    so I'm not sure the 1700 can do that. There are at least 4 different
    ways to allocate bandwidth on newer models; it could be that the
    1700 supports at least one of the ways.


    But, if I could interject a practical note:

    In my experience "performance" on an IPSec link is strongly linked
    to latency, more so than available bandwidth. We have a 750 mile
    VPN connection being carried over gigabit on the short hauls and
    OC8 on the long hauls, and users complain about the performance
    of the link. We are are nowhere near straining the limits of the
    PIX's IPSec encryption bandwidth, and the traffic volume we send
    over that link is so little it's probably not even worth accounting,
    but the link *is*, under some kinds of tests, frustratingly slow.
    When I bring the same remote PIX onto my local lab bench and test
    locally, performance using the same tests is quite acceptable.
    So clearly it is latency that is killing the performance, and no
    manner of bandwidth allocation or getting "faster" PIXes would make
    a significant difference in our situation.
    --
    "WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
    WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)
     
    Walter Roberson, Apr 25, 2004
    #3
  4. Frank Toner

    Joce Guest

    mh wrote:

    > Check out the CPU utilization on the 506's (show cpu usage} during busy
    > hour
    >
    > Are the PIXs 506's or 506E's ???
    >
    >
    >

    =============================================================================
    >
    > Model Cisco PIX 506 Cisco PIX 506E
    >
    > Processor 200-MHz Intel Pentium MMX 300-MHz Intel Celeron
    >
    > VPN throughput* 10 Mbps 16 Mbps


    If he has a CPU problem it would be on the 1721, not on the PIX.

    Are you using 1721 with VPN accelerator?
     
    Joce, Apr 26, 2004
    #4
  5. Frank Toner

    Guest

    I had the same problem with my 1760's until I put the VPN accelerator card
    in.
     
    , Apr 27, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TGFycnk=?=

    Improving signal strength?

    =?Utf-8?B?TGFycnk=?=, Dec 6, 2004, in forum: Wireless Networking
    Replies:
    5
    Views:
    7,237
    mikeFNB
    Dec 11, 2004
  2. Keith

    Improving signal / range

    Keith, Apr 8, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    952
    Craig buckingham
    Apr 24, 2005
  3. Evan Wagner
    Replies:
    2
    Views:
    598
    Evan Wagner
    Apr 6, 2004
  4. clement
    Replies:
    10
    Views:
    585
  5. LouisB

    improving the performance of my PC

    LouisB, Oct 15, 2006, in forum: Digital Photography
    Replies:
    22
    Views:
    644
    Ron Hunter
    Oct 23, 2006
Loading...

Share This Page