Gig Throughput on IPSEC

Brad Fleming bdfleming at
Wed Nov 11 18:45:44 UTC 2009

On Nov 11, 2009, at 3:25 AM, adel at wrote:

> Hi,
> I have a requirement to encrypt data using IPSEC over a p-t-p gig  
> fibre
> link.  In the past I've normally used Juniper to terminate VPNs, as I
> have found them excellent devices and the route based VPN  
> functionality
> very useful.  However looking at their range, only the ISG will do a  
> gig
> of IPSEC.  I'm leaning towards keeping my exising Juniper SSG550's for
> firewall/routing capability at each site.  Then having a separate
> encryption devices to handle the site-to-site vpn requiring the gig
> throughput.  Does anyone have any suggestions on devices to use?
> Adel

Not knowing all your other needs, I won't swear to it... but would the  
Juniper SRX650 work for your situation? It can pass 1.5Gbps of  
encrypted traffic according to their datasheet. I've never actually  
tried to move that much data through the box so I can't testify to it.

Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted  

Of course, these are JunosES devices as opposed to ScreenOS, but the  
transition isn't as painful as you might expect. We actually use the J- 
series devices with JunosES as site routers/firewalls with a great  
deal of success.

More information about the NANOG mailing list