Hi,
I've just found a strange error with a PIX 515E we just commissioned. The PIX is used for VPN and firewall in a sub-branch of our company. We implemented our tried and trusted 3DES-SHA IKE/IPSEC policies, but this PIX experienced very poor performance from the get-go: amazing packet loss on ICMP packets and pitiful performance over anything encrypted; performance over clear circuits was perfect. I'd run full checks on the configs and fully debugged all tunnel negotiations; everything was correct and low-volume traffic was flowing.
Initially I suspected it might be a line fault, faulty cabling or an MTU issue between the peers causing problems. In the end I tracked it down to the use of 3DES in the IPSEC policy: changing the tunnel policy to use the AES-256 transform set fixed the problems completely. The packet loss went away and performance was exactly as it should be.
Has anyone else seen this before? I'm considering RMA'ing the box, but surely the AES cipher is accelerated by the same logic?
Any ideas greatly appreciated.