[nsp] ipsec/fw performance problem

From: Ray Davis (ray@carpe.net)
Date: Thu Feb 01 2001 - 16:35:03 EST


Got a 3620 running IP/FW/IPSEC56 (12.1.5T). IPSec performance is
great with a Cisco VPN Client until an access list is added to the
external interface. Even after turning off ip inspect and simplifying
the firewall to a handful of access-list entries, performance for a
VPN client is unusable. As soon as I remove the access list the
VPN client gets fantastic performance.

Is this a known problem or is there a trick to getting firewalls and
IPSec to work on the same box?

Router CPU is less than 10% and the NT client less than 2%.
No memory problems on either.
Same thing occurs with other Windows clients.
Only *1* VPN client is involved.
What the heck it's doing I'd like to know. ;)

Thanks,
Ray


