[cisco-nas] VPN on Cisco AS53xx

Aaron Leonard Aaron at cisco.com
Tue Aug 26 16:15:50 EDT 2008 

David,

I think, even with 60% peak CPU load, I'd be wary of running the IPsec
tunnels into this 5350.  Better to run the IPsec into a separate box
with some dedicated crypto hw - for a few tunnels, even an 871 or 851
would do the trick.

As far as L2TP ... that's a non-encrypted tunneling protocol that's
typically used in the following applications:

    * tunneling layer 2 traffic over an IP network (see L2TPv3)
    * wholesale network access for dial / PPPoA customers


If you haven't heard of it, you probably don't want it ...

Aaron

----

> Aaron,
> Thanks your comment.
> I meant it's used 80% of circuit channel capacity. The CPU usage is up
> to 60% at the peak time. And I'm gonna use IPSec VPN.(Can you briefly
> explain the L2TP configuration on AS53xx?)
>  
> David
>  
>  
>
>
> > Date: Tue, 26 Aug 2008 10:53:22 -0700
> > From: Aaron at cisco.com
> > To: david.lin at msn.com
> > CC: cisco-nas at puck.nether.net
> > Subject: Re: [cisco-nas] VPN on Cisco AS53xx
> >
> > David,
> >
> > Not sure what you mean by "80% of capacity". Do you mean that the CPU
> > is 80% busy? If so, then I wouldn't want to terminate VPN into this
> > box, because the 5350 does crypto in software. (Assuming that you are
> > referring to crypto VPN such as IPsec, not unencrypted VPN such as L2TP,
> > which is not too CPU intensive.)
> >
> > Aaron
> >
> > ------------------------------------------------------------------------
> >
> > > Hi all,
> > > I have a Cisco AS5350 which is carrying calls up to 80% of capacity.
> > > Is it good for setting up VPN connections(roughly 10) on this gateway?
> > >
> > > Thanks,
> > >
> > > David
> > >
> > >
> ------------------------------------------------------------------------
> > >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > cisco-nas mailing list
> > > cisco-nas at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nas
> >
>
>
> ------------------------------------------------------------------------

More information about the cisco-nas mailing list