11-22-2006
Solaris 10 IPSec peformance
Hi,
does anyone have an experience how many IPSec tunnels Solaris 10 is able manage. A rough estimation would be great.
I know it's hardly dependent on the hardware used, so if anyone says on a 490 with 2 CPUs and 4GB RAM a maximum of 1000 IPSec tunnels is possible, that would be great.
I made some tests on a 480 and I was able to have 250 tunnels at one time with good performance but then I ran out of hardware.
Thanks in advance,
blombo
9 More Discussions You Might Find Interesting
1. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
2. Red Hat
Hi,
I am trying to set a policy between 2 machines for all the ports except for 22 i.e. for tcp - basically I want to bypass ssh. But my policy doesn't seem to work. Here are the entries
spdadd 1.2.3.4 4.3.2.1 any -P out prio 100 ipsec esp/transport//require ah/transport//require;
spdadd... (0 Replies)
Discussion started by: ahamed101
0 Replies
3. Solaris
Hi all,
I'm running solaris x86_64 as a home server and am quite happy with it. Currently I'm working with Solaris 10 and 11 express. Typically I tunnel traffic to it via ssh with port forwards, but I'm interested in using the built in IPSEC features that Solaris has. I've setup a solaris... (1 Reply)
Discussion started by: vectox
1 Replies
4. BSD
Hi, this is my first post...:p
Hello Admin :)
Can I have an ask for something with my configuration ?
I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely.
I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
Discussion started by: aulia
0 Replies
5. Solaris
I having problem connecting to a Cisco PIX
Log from IKE
# /usr/lib/inet/in.iked -f /etc/inet/ike/config -d
Jan 16 00:40:57: 2012 (+0800) *** in.iked started ***
Jan 16 00:40:57: Loading configuration...
Jan 16 00:40:57: Checking lifetimes in "nullrule"
Jan 16 00:40:57: Using default value... (0 Replies)
Discussion started by: conandor
0 Replies
6. UNIX for Advanced & Expert Users
How can i implement Ipsec between two machines in linux_ ubuntu?
any link?? suggestion?? (0 Replies)
Discussion started by: elinaz
0 Replies
7. Cybersecurity
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Discussion started by: elinaz
0 Replies
8. AIX
Hi Guys,
Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.
Thanks
Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies
9. Solaris
I want a lan encrypted with ipsec.
This is my /etc/inet/ike/config
p1_xform
{ auth_method preshared oakley_group 5 auth_alg sha256 encr_alg aes }
p2_pfs 2
this is my /etc/inet/secret/ike.preshared
# ike.preshared on hostA, 192.168.0.21
#...
{ localidtype IP
localid... (1 Reply)
Discussion started by: Linusolaradm1
1 Replies
LEARN ABOUT HPUX
ipsec_config_delete
ipsec_config_delete(1M) ipsec_config_delete(1M)
NAME
ipsec_config_delete - delete configuration records from the HP-UX IPSec configuration database and delete certificate files
SYNOPSIS
object_name
ip_addr
object_name
object_name
object_name
object_name
DESCRIPTION
The command deletes configuration records from the configuration database and certificate data. If HP-UX IPSec is active and running, the
data (IPsec policy, authentication record or bypass list entry) is also deleted from the runtime policy database. If you delete IPsec
policies that have active Security Associations (SAs), HP-UX IPSec removes the SAs from the Security Association Database (SADB) and sends
a delete notification to the remote system. If HP-UX IPSec removes an IKE policy, the associated IPSec SAs can remain active, but no IKE
control messages can be sent.
The command deletes the certificate for the local system and the related private key file from the directory. It does not delete certifi-
cates for CAs or Certificate Revocation Lists (CRLs). To delete these objects, you must manually delete the files in the directory. You
can use the command to display the file names with the subject names for the CA certificate files and the issuer names for the CRL files.
You cannot delete the configuration object.
Options and Operands
The command recognizes the following options and operands:
object_name
Specifies the name of the object you are deleting.
Do not use this argument when deleting a configuration object.
You cannot delete the host, IKEv1, or IKEv2 policies.
ip_addr
Specifies the IP address of the entry in the bypass list you are deleting.
EXAMPLES
The following command deletes the host IPsec policy named
AUTHOR
was developed by HP.
FILES
configuration database.
default profile file.
SEE ALSO
ipsec_admin(1M), ipsec_config(1M), ipsec_config_add(1M), ipsec_config_batch(1M), ipsec_config_export(1M), ipsec_config_show(1M),
ipsec_migrate(1M), ipsec_policy(1M), ipsec_report(1M).
HP-UX IPSec Software Required ipsec_config_delete(1M)