Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX & Packeteer

Status
Not open for further replies.
LittleFishy

LittleFishy

MIS
Sep 10, 2002
46
0
0
GB
I have asked a similar question before, but I want to get clear in my head whay I'm doing before I commit.

I have two sites each has a Internet link and we then link the two sites using our PIX 515R's VPN setup. Our problem is that when using the VPN, its bandwidth get shrunk down when too many people are on the Net (at either site). We run a business critical app through the VPN and being a terminal services type app as soon as the bandwidth drops users get kicked out. I know the 515R doesn't support traffic shaping and so after a previous suggestion I was looking into Packeteer Packetshapers. My question is (a) are they going to work and (b) am I going to need one at each end? Each site has a separate IP structure and other than the app and the odd bit network browsing nothing else goes down the VPN. Thanks.


We have a PIX 515R used mainly for internet access, but also for a vpn connection to another office. I understand that the PIX will not allow traffic shaping, but does anyone know of any software/hardware solutions that will allow me to do it (without fiddling with our router)?
 
Sort by date Sort by votes
There has been a stratigic partnership with an Optimization system that is a hard/soft combination that will allow you to optimize the bandwidth utilization enough to make this problem go away. If you would like to get some more information, check out the contact information at
 
Upvote 0 Downvote
I have this topology it work fine. Install a shaper on your central site. Of course it's better to use one on each side (to shape UDP or make compression).

It's a good solution.
 
Upvote 0 Downvote
I am also using a 1500 Packet shaper. You only need to if your wish to use compression. I do not think you will be able to compress encrypted traffic though.

Only Draw back, you will want to place your packeteer on teh outside interface of your PIX so that you can see IPsec and ISAKMP, however if you are using NAT or PAT, you will not be able to prioritise each application by source address.

 
Upvote 0 Downvote
for compression it work but you need to install it like this :

LAN=>LAN router=>SHAPER=>PIX====PIX<=SHAPER<=LAN ROUTER<=LAN
 
Upvote 0 Downvote
We have Shapers at all our remote sites and it works a treat... We have different Partitions depending on how mission critical the protocols are within the partition. On our 2.2MB VPN Links we have all Bandwidth reserved for SSH and Telent, thus no matter how greedy FTP etc trys to get gets the PS will not allow the it to take up all the bandwidth and thus Telnet and SSH have good COS and QOS and dont get dropped! (FTP has a very low priority and will get qued when applicable)

PS's are great and would suit your needs perfectly! We also use them for traffic analysis and troubleshooting!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
35
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
42
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
92
quazimotto
quazimotto
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
29
quazimotto
quazimotto
hall5942
  • Locked
  • Question
Site to Site VPN with Cisco 881 and PIX
Replies
0
Views
31
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top