Im involved in deploying a project with end-to-end encryption using cisco 2811 router. And the number of users in this project would be max 10. Im aware that the cisco 2811 has got on board encryption capability. Hence would it be better if I go for separate(either hardware or software) encryption module or use the existing on board encryption since the number of users are just 10.
There are two options for encrpytion; the main CPU and a VPN/SSL AIM daughter card. Which one to use depends on the amount of traffic to be encrypted/decrypted and the encryption level (ie 3des/AES). If your going to use AES you pretty much have to use the AIM card. In a lab I was able to cripple a couple of 2811's with AES using the main CPU for encryption, with relatively low traffic loads.
HTH and please rate.