[vpn] CVPN 3.5 - IOS v12.1(7a) + FTP tests strange (maybe not) results

Ahmed Benallegue syu at ecmwf.int
Tue Jun 25 06:52:49 EDT 2002


Hi,

I am trying to set up an IPSec tunnel between a Laptop running Cisco VPN
Client 3.5 on Windows 2000 and a Cisco router 7140 running IOS 2.1(7a)E6
but I haven't succeded so far.
I tried everything: preshared keys, dynamic maps... The point is that
all the configuration examples I have found so far (mainly on 
cisco.com) use Cisco IOS v12.2(8)T. So do I have to update my IOS to
this version or is there any other configuration possibility?



I made some FTP tests (transferring a 12 Mbytes file) between a Cisco
7140 IOS router (in the UK) and a Cisco PIX (in Germany) going through
the Internet. I had the following resultes (time transfer + rate):

With an ISM enncyption card ENABLED on the 7140 router:
 AH-SHA : 	    29s, 404 Kb/s
 AH-SHA + ESP-DES:  39s, 300 Kb/s
 ESP-SHA + ESP-DES: 31s, 375 Kb/s

With an ISM enncyption card SHUTDOWN on the 7140 router:
 AH-SHA : 	    12s, 966 Kb/s (!!)
 AH-SHA + ESP-DES:  21s, 530 Kb/s
 ESP-SHA + ESP-DES: 22s, 530 Kb/s

It is true that the CPU usage on the router is much more important (up
to 100%, mainly due to the encyption process) when the ISM encyption
card is shutdown, but I didn't expect this huge performance differences.
I thought that the encyption card increases the performances.
So, I will be pleased if someone can tell me if this results are normal
or if there is any explanation.



Thank you very much for any help.

Regards,

Ahmed

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list