[c-nsp] Pix to Pix tunnel performance w/Windows File Sharing

Tony Mucker Tony at tonymucker.com
Thu Feb 17 09:52:24 EST 2005 

CPU usage is very low.  When I tried another transfer, the 520 was at 2% 
for the 5 sec average, and the 515 was at 4% for the same average.

The 520 currently runs another IPSEC tunnel in addition to this new 
tunnel, and we have an average of 20 VPN Client users during the day.  
That being said, MRTG has shown that the CPU usage never rises into 
double digits.

Jim McBurnett wrote:

>Tony,
>I have seen poor performance with PIXs that do not have the VPN accel
>card...
>What does the show cpu usage show on both?
>
>Just a thought.. 
>
>-----Original Message-----
>From: Tony Mucker [mailto:Tony at tonymucker.com] 
>Sent: Wednesday, February 16, 2005 4:57 PM
>To: cisco-nsp at puck.nether.net
>Subject: [c-nsp] Pix to Pix tunnel performance w/Windows File Sharing
>
>I've just finished setting up an IPSEC tunnel (using DES encryption)
>between a PIX 520 on PIX OS 6.3(3) and a PIX 515-E on PIX OS 6.3(4).
>
>I haven't been able to do a thorough test yet, but Windows File sharing
>is fairly abyssmal.  The PIX 520 sits behind 4 T1s of available
>bandwidth (768KB/sec) and the 515 is has 2 T1s (384KB/sec), but on my
>quick test of trying to pull a file my gkrellm monitor was reporting
>about 30KB/sec.  Contrast that to when I fired up the wrong version of
>VNCViewer (I normally use TightVNC)  and started loading my desktop,
>gkrellm reported about 360KB/sec sustained flowing through my laptop's
>interface.
>
>MTU for both PIXes is set at the default for ethernet, 1500.  I haven't
>checked the Windows file server I was pulling from, but it too should be
>set somewhere aroud 1500.  My next step when I get some time will be to
>get some packet dumps using ethereal to see if there's anything funny
>going on.
>
>In the meantime, has anyone else run into similiar problems?  Or perhaps
>problems with Windows file sharing throughput with remote users
>connected via Cisco's VPN Client?
>
>Thanks
>Tony
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>

More information about the cisco-nsp mailing list