CCR-1009-8G-1S-1S+ with IPsec (AES-256-CBC) poor performance
Posted: Fri Mar 20, 2015 5:28 pm
Hello,
We bought CCR-1009 because of hardware encryption. After setting UP two tunnels with 3des on Phase 1 (ipsec peer) and AES-256-CBC on Phase 2 (ipsec proposal) we fired up two iperfs between two Windows 7 boxes and Linux box. Unfortunately we can reach no more than about 200 Mbps of traffic. With connection trackin disabled we get about 275 Mbps. Still lower than folks from forums.
Also one reboot occured during testing and in log we had:
16:04:10 system,error,critical System rebooted because of kernel failure
16:04:10 system,error,critical router was rebooted without proper shutdown
We enabled AES-256-CBC in advanced settings in Windows 7 also I can see in "Installed Sas" that it is using AES:
Auth. Algorithm sha1
Encr. Algorithm aes cbc
Any help would be appreciated!
We bought CCR-1009 because of hardware encryption. After setting UP two tunnels with 3des on Phase 1 (ipsec peer) and AES-256-CBC on Phase 2 (ipsec proposal) we fired up two iperfs between two Windows 7 boxes and Linux box. Unfortunately we can reach no more than about 200 Mbps of traffic. With connection trackin disabled we get about 275 Mbps. Still lower than folks from forums.
Also one reboot occured during testing and in log we had:
16:04:10 system,error,critical System rebooted because of kernel failure
16:04:10 system,error,critical router was rebooted without proper shutdown
We enabled AES-256-CBC in advanced settings in Windows 7 also I can see in "Installed Sas" that it is using AES:
Auth. Algorithm sha1
Encr. Algorithm aes cbc
Any help would be appreciated!