Pix 515 200 MHz

I have a Cisco PIX 200 MHz version that has about 20 3DES IPSEC tunnnels
going through it.

On the other side of the PIX I have Dual T1 bonded (CEF) for throughput.
Although the PIX shows only 10% cpu usage, how will I know this thing is
getting taxed or invest in another? My company doesn't have the $$ to
invest in a 7200vxr or anything like that.

Thanks,
Joe

 

:I have a Cisco PIX 200 MHz version that has about 20 3DES IPSEC tunnnels
:going through it.

:On the other side of the PIX I have Dual T1 bonded (CEF) for throughput.
:Although the PIX shows only 10% cpu usage, how will I know this thing is
:getting taxed or invest in another? My company doesn't have the $$ to
:invest in a 7200vxr or anything like that.

Not to worry. Dual T1 is at most 3.088 mbit/s, which is within
the 3DES capacity of even the 133 MHz PIX 501.

You might want to use MRTG to monitor the cpu usage over time;
you probably don't have to think about the load until you start
seeing peaks about 40%.

 

Thank you. Someone at Cisco stated the same thing, but of course, I am a
listen but verify type of person.

Joe

 

:Thank you. Someone at Cisco stated the same thing, but of course, I am a
:listen but verify type of person.

You mentioned a 515, and the 200 MHz does confirm that is a
515 and not a 515E (which runs at 433 MHz.) If you were to have
problems with load, the 515E would be a much less expensive upgrade
than a 7200vx series.

Anyhow, 515 is an older device, and you might have older software
on it. You may wish to consider using one of the more recent
software releases: there were speed improvements on some of
the devices as of 6.3(1). [The 515 doesn't get talked about
much anymore, so I have not seen any figures quoted for it.]
Unless you have the VPN crypto accelerator board, you could probably
see improvements by upgrading to 6.3(3) and converting your
tunnels from 3DES to AES-128.