I probably should have stated this in the prior email, but the claim
for 3DES encryption on the PIX 535 is 100 Mbps with the addition
of a hardware accelerator card.
-Kent
On 7 Mar 2001, at 14:26, Stanfield Hilman B (Brad) CON wrote:
> Be VERY careful of sales pitches...
> 1Gbps cleartext may well be only a few Mbps in a full encryption mode.
> Case in point, after much research and many sales pitches, my site
> settled on Alcatel TimeStep VPN's to replace older Motorola NES's.
> Alcatel's pitch was that their top of the line series could pass a
> consistent 70Mbps Encrypted. (With Fast Ethernet input and output,
> 100Mbps cleartext. As one of the few devices that were FIPS 140-1
> certified at the time, (A requirement we made from the beginning), we
> went with them. When we started in house testing, we found that when
> configured in FIPS mode, 3DES, SHA1,(As required by us) they would
> only pass 6Mbps!!!! When we finally got to talk to someone that truly
> had a clue, we were informed that in order to meet FIPS certification,
> that all data must pass through a FIPS certified module on the
> mainboard. This module was the same one that was used on their lower
> speed units, and the throughput was 6Mbps! But we had failed to ask
> the proper questions so they had done nothing wrong. Needless to say,
> we are now stuck with equipment that will still improve our throughput
> from what it was, but it's no where near what we thought we were going
> to get. Pay very close attention, and do your homework.
>
> **********************************************************************
> ** Brad Stanfield CCNA/CCDA Network/Integration Engineer
> [EMAIL PROTECTED] Government Micro Resources
> Network Operations Control Center
> Norfolk Naval Shipyard
> Bldg 33 NAVSEA NCOE
> 757-393-9526
> 1-800-626-6622
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 3:57 PM
> To: '[EMAIL PROTECTED]'; Rossetti, Stan
> Subject: Re: Load Balancing Across Multiple PIX
>
>
> Stan,
>
> As pointed out by others, your best bet for load-balancing across
> multiple PIX boxes is an external load-balancer ala local-director,
> arrowpoint, foundry, etc.
>
> However, in regards to throughput, Cisco claims 1Gbps cleartext
> throughput on the new PIX 535. At that speed, its doubtful you
> need load-balancing for most environments.
>
> HTH,
> Kent
>
> On 7 Mar 2001, at 10:01, Rossetti, Stan wrote:
>
> > Hello Everyone,
> >
> > Does anybody know if it is possible to load balance across multiple
> > PIX firewalls? I have looked at numerous Cisco web pages, but never
> > any mention of load balancing. I have talked to a sales engineer
> > and he has said that to get 1GB of throughput from a PIX firewall,
> > you need to install 3 PIX firewalls and do load balancing across
> > them. The max throughput from one PIX is 370MBps. Of course, I
> > can't get the sales engineer to return my call now. Doe anyone know
> > if this is true? Do you have to have 3 PIX to do load balancing? I
> > would like to just do load balancing across 2 PIX firewalls. Is this
> > possible?
> >
> > Thanks in advance.
> >
> >
> >
> >
> > Thanks
> >
> > Stan Rossetti
> >
> >
> > NASA - PriSMS
> > Advanced Technology Group
> > Voice: (256) 544-5031
> > Email: [EMAIL PROTECTED]
> > Beeper: 544-1183 pin 0112
> >
> > CCDA, CCNA, CCSE
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html Report misconduct and
> > Nondisclosure violations to [EMAIL PROTECTED]
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
