Pradeep,
This is easy to answer is easy from a 40,000 foot(meter)
level. It becomes more difficult to nail down an
answer, but see if this helps any.
Encryption/Decryption is CPU intensive. It
will depend on the number of connections/sessions
and the amount of data flowing over them.
Symetrical keying(pre-shared) is less CPU bound then
Asymentrical(PKI), since their is less computation with the
former. Also, the time in which you recalculate keys will
also become a factor in a 'busy' environment.
As for when you'll need to beef up your systems or add
VPN hardware is really up to you and your needs.
Once you start testing with a handful of users and they
put a small load on your system, you'll begin to understand
how this will impact your site's performance.
Let us know what you do and how it does impact you.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Pradeep K Verma <[EMAIL PROTECTED]> 8/20/00 2:26:36 AM >>>
>
>I have a 4.1 VPN & FW-1 running on a Sun Ultra 10, 256MB RAM, Solaris 2.6.
>My rulebase is having around 60 statements. I am not doing any NAT. The CPU
>utilization never is above 8%. I now have to setup a single VPN with 3DES
>encryption on the box. Can someone please tell me approximately how much
>extra load this will produce?
>Will there be a difference in the load if I use a preshared key instead of a
>public key? Will I be able to add more VPN's in the future and at what stage
>would I require to plug in the VPN accelarator card?
>
>Thank you very much.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
