Just to show how quickly technology has advanced, I did some benchmarks on a Cisco ASA5505 in order to see how it would perform encrypting information into a VPN. I made a quick test network between two interfaces on an HP DL350G6, with a Ubiquiti Edge Router on one interface, and the Cisco ASA5500 on the other interface. I did one test direct between two VM’s first to get a baseline, and this is what it can do:
Edit – Feb 9 2018:
I did another test, to a StrongSwan EndPoint, over the internet (to a VPS, and was able to transfer a 111Mbyte file in 30s, 3.7MByte/s or 29.6Megabit/s, which is limited by my internet connection. The ASA5505, is still useful for many people. I’m not sure why it was so slow in the below test.
[ ID] Interval Transfer Bandwidth [ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-10.03 sec 327 MBytes 273 Mbits/sec receiverThen I setup a VPN with AES-256 encryption, and this is what the ASA5505 can do:
[ ID] Interval Transfer Bandwidth [ 5] 0.00-10.05 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-10.05 sec 5.19 MBytes 4.33 Mbits/sec receiverPretty slow, so I thought I’d try 3DES encryption. Surprisingly I had the same result
[ ID] Interval Transfer Bandwidth [ 5] 0.00-10.05 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-10.05 sec 5.21 MBytes 4.35 Mbits/sec receiverAccording to the ASA itself, it should be good for 25MBps:
deskwall# show crypto accelerator statistics Crypto Accelerator Status ————————————- [Capability] Supports hardware crypto: True Supports modular hardware crypto: False Max accelerators: 1 Max crypto throughput: 25 Mbps Max crypto connections: 10 [Global Statistics] Number of active accelerators: 1 Number of non-operational accelerators: 0 Input packets: 526230 Input bytes: 112704584 Output packets: 575180 Output error packets: 0 Output bytes: 270144780A few tips to get this working. On the Ubiquiti Edge, the encryption settings need to match, you can do this by adjusting the advanced settings, as shown below: The Edge does not seem to differentiate between IKE and IPSEC. On the Cisco ASA make sure that the encryption settings on the IKE and IPSec both match.