VPN throuput on a 2651XM router

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Post Reply
Guest

VPN throuput on a 2651XM router

Post by Guest » Tue May 03, 2005 5:56 am


Where can I find that info? Also, I got the router used (for close to nothing $) but I know it's worth some $$$.  Where can I find out which model it is exactly?  "show version" doesn't show much.

Guest

Re:VPN throuput on a 2651XM router

Post by Guest » Tue May 03, 2005 6:30 am


Depends on whether you have a HW encryption card in it.  There's a bunch of rate information here:http://www.cisco.com/en/US/partner/prod ... fc.shtmlIf you're going to be doing VPN's on it then you really wouldn't run it without a HW card in it.  "sho diag" should give you some info on what modules are in what slots, but the "sho ver" output should tell you what model it is. Router# sho verCisco IOS Software, C2600 Software (C2600-ADVIPSERVICESK9-M), Version 12.3(14)T2, RELEASE SOFTWARE (fc4)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2005 by Cisco Systems, Inc.Compiled Wed 11-May-05 16:02 by hqluongROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)sv3-14 uptime is 2 weeks, 5 days, 7 hours, 58 minutesSystem returned to ROM by power-onSystem image file is "flash:c2600-advipservicesk9-mz.123-14.T2.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/ ... qrg.htmlIf you require further assistance please contact us by sending email toexport@cisco.com.Cisco 2651XM (MPC860P) processor (revision 0x300) with 105472K/25600K bytes of memory.Processor board ID JAE0817EK4U (2189666667)M860 processor: part number 5, mask 22 FastEthernet interfaces1 ISDN Basic Rate interface32K bytes of NVRAM.49152K bytes of processor board System flash (Read/Write)Configuration register is 0x2102Router#  

Guest

Re:VPN throuput on a 2651XM router

Post by Guest » Tue May 03, 2005 7:20 am


Thanks for the info.  I can't access the link you posted though.show diag displays:C2651XM-2FE AIM-VPN/BPII  

Guest

Re:VPN throuput on a 2651XM router

Post by Guest » Tue May 03, 2005 7:31 am


Oh sorry, pasted the partner link.  That link doesn't seem to be available on a non-partner link unfortunately, so here's a cut/paste of the relevant bits from it:--------------------------------------AIM-VPN/BPII, is supported only in the Cisco 2600XMs. It has support for DES/3DES and AES (optimized for AES128 only) along with Layer 3 (IPPCP) Compression. This module requires Cisco IOS Release 12.2(15)ZJ and later.AIM-VPN/BPII -PLUS is supported only in the Cisco 2600XMs.  AIM-VPN/EPII-PLUS is supported in the 2691 and 3725 only. The BPII-PLUS and EPII-PLUS has support for DES/3DES and is optimized for all AES keys (AES128, AES192 and AES256) along with Layer 3 (IPPCP) Compression. These modules are supported in 12.3(5c), 12.3(6) and later for mainline releases and 12.3(7)T and later for T releases. Q.  What function does the VPN Module perform?A. The Cisco 1700, 2600, 3600, and 3700 Series VPN Module optimizes the platform for IPSec VPNs. The module not only accelerates the triple data encryption standard (3DES) and data encryption standard (DES), advanced encryption standard (AES) algorithms used in IPSec, but it handles a variety of other IPSec-related tasks: hashing, key exchange, and storage of security associations. By doing so, the VPN module frees the Cisco 1700, 2600, 3600 and 3700 Series CPU to perform other router, voice, and firewall functions.Q. What is the maximum DES/3DES/AES-128 IPSec performance with 1400 byte packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?A.  Cisco 2650/51XM with AIM-VPN/BPII or AIM-VPN/BPII-PLUS will give 10 Mbps throughput with IMIX traffic, 22 Mbpsthroughput with packet size of 1400bytes, and support 800 tunnels.  Q. What is the maximum AES-192/256 IPSec performance with IMIX packets for the Cisco 1700, 2600, 3600, and 3700 Series utilizing the VPN Module?A.  Cisco 2650/51XM with AIM-VPN/BPII will give 8.5 Mbps throughput with IMIX traffic for both AES-192 and 256.  The BPII-PLUS will give around 10Mbps performance.-----------------------------------------Also, be aware that that card has been EOL'd as per:http://www.cisco.com/en/US/products/hw/ ... b.htmlIt's still supported till 2010 and will work fine for you, it's just not quite as fast with AES-192 or AES-256 as the PLUS version of the same card, which has been hardware-optimizied specifically for those larger key sizes.  If you're using 3DES or AES-128 then there's no performance difference.

Guest

Re:VPN throuput on a 2651XM router

Post by Guest » Tue May 03, 2005 7:55 am


Excellent!  That's exactly what I needed.  This router is currently an overkill anyway.  I'm using it as a home fw/ips/vpn solution for my home network and my DSL line doesn't reach rates that are anywhere close to 8.5 or 10Mbps so it should last me a while.Thank you!

Post Reply