IPsec PIX525 to PIX515 performances.

Discussion in 'Cisco' started by AM, Oct 14, 2005.

  1. AM

    AM Guest

    I guys,

    I set up an IPsec tunnel between a PIX525 and a PIX515.

    They both are behind routers doing NAT. I did everything needed and tunnel estalishes happily.
    Performances are very poor. The final segment closest to 515 is wireless
    The scenario is as follows:

    PIX525(6.3.4)---router837(12.4.2)*----internet-------(wireless connection)----3620(12.3.15)-----PIX515(7.0.2)

    First of all I noticed a very weird thing: monitoring interfaces inside and outside of the 515 while transferring a file
    over the VPN the amount rate on the outside is doubled than the inside (the PIX525 is working only for the VPN). That
    doesn't happen on 525.
    Moreover the 3620 often sees its CPU TIME very high (60/80%).

    I thought it was an MTU problem, so I decreased it to 1400 on both out and inside interfaces on 515 down to 1400 and on
    outside of the 525 as well.

    Moreover, monitoring the traffic, the line drawn has a shape very like to \/\/\/\/ on both the PIXes
    Maybe the problem is the 3620 but the shape and performances are the same when once in a while the 3620 CPU is not loaded.

    AM, Oct 14, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.