We're trying to offload VPN traffic from our main firewall with an ISG 2000 running 6.3.0r13b.0 which we pulled out of the closet. This is a route-based VPN, but even with a single copy process started to the remote location, CPU spikes over 80% and the copy process is much slower, less than 1/2 of what the main firewall is with all processes running over the tunnel. I'm hoping I missed a setting that might boost VPN performance. Can anyone help me out? Thanks
I forgot to mention this is for a 256-bit AES tunnel. The documentation states 1 Gbps for 3DES, which I'd guess is about the same for 128-bit AES. We have high CPU usage for around 2 Mbps, and the CPU drops when the transfer stops. Thanks again.
This is a design limitation. As mentioned in the previous response, AES-256 encryption/decryption is handled on the CPU of ISGs rather than on the ASIC chips. The CPU on these platforms can get overwhelmed easily.
Consider using a different cipher.