Pix 515 200 MHz

Discussion in 'Cisco' started by Joseph Finley, Jan 2, 2004.

  1. I have a Cisco PIX 200 MHz version that has about 20 3DES IPSEC tunnnels
    going through it.

    On the other side of the PIX I have Dual T1 bonded (CEF) for throughput.
    Although the PIX shows only 10% cpu usage, how will I know this thing is
    getting taxed or invest in another? My company doesn't have the $$ to
    invest in a 7200vxr or anything like that.

    Thanks,
    Joe
     
    Joseph Finley, Jan 2, 2004
    #1
    1. Advertisements

  2. :I have a Cisco PIX 200 MHz version that has about 20 3DES IPSEC tunnnels
    :going through it.

    :On the other side of the PIX I have Dual T1 bonded (CEF) for throughput.
    :Although the PIX shows only 10% cpu usage, how will I know this thing is
    :getting taxed or invest in another? My company doesn't have the $$ to
    :invest in a 7200vxr or anything like that.

    Not to worry. Dual T1 is at most 3.088 mbit/s, which is within
    the 3DES capacity of even the 133 MHz PIX 501.

    You might want to use MRTG to monitor the cpu usage over time;
    you probably don't have to think about the load until you start
    seeing peaks about 40%.
     
    Walter Roberson, Jan 2, 2004
    #2
    1. Advertisements

  3. Thank you. Someone at Cisco stated the same thing, but of course, I am a
    listen but verify type of person.

    Joe
     
    Joseph Finley, Jan 2, 2004
    #3
  4. :Thank you. Someone at Cisco stated the same thing, but of course, I am a
    :listen but verify type of person.

    You mentioned a 515, and the 200 MHz does confirm that is a
    515 and not a 515E (which runs at 433 MHz.) If you were to have
    problems with load, the 515E would be a much less expensive upgrade
    than a 7200vx series.

    Anyhow, 515 is an older device, and you might have older software
    on it. You may wish to consider using one of the more recent
    software releases: there were speed improvements on some of
    the devices as of 6.3(1). [The 515 doesn't get talked about
    much anymore, so I have not seen any figures quoted for it.]
    Unless you have the VPN crypto accelerator board, you could probably
    see improvements by upgrading to 6.3(3) and converting your
    tunnels from 3DES to AES-128.
     
    Walter Roberson, Jan 2, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.