IPsec PIX525 to PIX515 performances.

I guys,

I set up an IPsec tunnel between a PIX525 and a PIX515.

They both are behind routers doing NAT. I did everything needed and tunnel estalishes happily. Performances are very poor. The final segment closest to 515 is wireless The scenario is as follows:

PIX525(6.3.4)---router837(12.4.2)*----internet-------(wireless connection)----3620(12.3.15)-----PIX515(7.0.2)

First of all I noticed a very weird thing: monitoring interfaces inside and outside of the 515 while transferring a file over the VPN the amount rate on the outside is doubled than the inside (the PIX525 is working only for the VPN). That doesn't happen on 525. Moreover the 3620 often sees its CPU TIME very high (60/80%).

I thought it was an MTU problem, so I decreased it to 1400 on both out and inside interfaces on 515 down to 1400 and on outside of the 525 as well.

Moreover, monitoring the traffic, the line drawn has a shape very like to \\/\\/\\/\\/ on both the PIXes Maybe the problem is the 3620 but the shape and performances are the same when once in a while the 3620 CPU is not loaded.


Reply to
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.