In article , Julien Nicodeme wrote: :I am about to choose the transforms for a huge VPN depoyment using PIX :firewalls from 501 to 535 HA. Some of those firewalls will have VPN AC :cards, others not.
:Question, Are the VPN AC cards optimized for 3DES/DES or is it also :bringing refreshing soda's for busy PIX using AES?
501: 3 Mbps 3DES, 4.5 Mbps AES-128, ? AES-256
506: 10 Mbps 3DES, ? AES-128, ? AES-256
506E: 17 Mbps 3DES, 30 Mbps AES-128, ? AES-256
515: ??
515E + VAC: 63 Mbps 3DES, ? AES-128, ? AES-256
515E + VAC+: 140 Mbps 3DES, 135 Mbps AES-128, 140 Mbps AES-256
520: ?
520 + VAC : (supported, rates unknown)
520 + VAC+ : (supported, rates unknown)
525 + VAC: 72 Mbps 3DES, ? AES-128, ? AES-256
525 + VAC+: 155 Mbps 3DES, 165 Mbps AES-128, 170 Mbps AES-256
535 + VAC: 100 MBPS 3DES, ? AES-128, ? AES-256
535 + VAC+: 440 Mbps 3DES, 535 Mbps AES-128, 440 Mbps AES-256
Note: there are documented total VPN throughput restrictions on the
506E, 515, and 515E, that are noticably lower than the figures given above. The documentation might not reflect the use of VAC/VAC+. Also, the document was the "506E/515E Q&A" from the 6.1(2) timeframe, but 6.2 introduced substantial VPN speedups for at least some of the systems (e.g., 501), so the data in that document may be obsolete.