Gabriel Green wrote:
Hi All,
I recently changed my client devices (3COM officeconnect routers with
VPN capabilities) to 3DES from DES but it seems that it increases ping
times to the remotes, even though the pfSense box doesn't show too
much usage.
If your CPU on the pfsense box isn't pegged, it's not the bottleneck.
The officeconnect routers that I've seen at least are OLD devices, if
yours are similar to the ones I've come across, I would be willing to
bet they're your bottleneck.
Quick and easy way to test - try replacing one of those 3Com boxes with
an old PC (~300+ MHz or so) with pfsense and see if that makes any
difference.
I am quick to blame the remote 3COM officeconnect devices at the
remote locations,; but I was wondering if any 3DES accelerator cards
might help the situation a bit. If anyone has any to recommend,
please let me know.
Any supported Hifn cards will help substantially, but only if your CPU
is pegged. Since that's not the case, it likely won't change anything.
On a separate note, given our bandwidth requirements--why shouldn't we
get two SDSL lines instead of a T1 plus SDSL for redundancy? The SLAs
are very similar and SDSL is less expensive.
Well, depends on the specifics of the provider(s), but the T1 and SDSL
going out simultaneously is almost certainly far less likely than two
SDSL connections going down simultaneously. Depends on your company's
tolerance for failure vs. the cost differential. I would feel more
comfortable with two different types of connections to two different
providers. But, both of those are likely to come into your facility over
the same maybe 200 pair copper (or maybe fiber depending on where you
are), so a cable seeking back hoe will likely take out both (I've seen
it on more than one occasion, it's not pretty). You may want to consider
a cable modem in addition if back hoe failure avoidance is important,
because the cable is most likely going to take a completely different
path. Based on experience, I would be most comfortable with either T1 or
DSL plus cable.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
