Encryption Overheads

Unanswered Question
Nov 23rd, 2007

Does anyone know what overheads are experienced when using encryption across a 1gb link between sites, using two Cisco 2821 Routers ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thestagman Mon, 11/26/2007 - 04:49

Hi thanks

for the reply, here is one end of my VPN Site to Site config : -

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map DCK_FTWR 1 ipsec-isakmp

description Tunnel to X.X.X.X (Docklands Address)

set peer X.X.X.X (Docklands Address)

set transform-set ESP-3DES-SHA

match address 100

access-list 100 remark DCK_FTWR Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip any any

Interface Commands

Int G0/1

crypto map DCK_FTWR

crypto ipsec df-bit clear

I'm not sure about the packet size I will have to investigate. Lets assume they are small so worst case ..


bauer.juergen Mon, 11/26/2007 - 06:10

56 byte for esp

20 byte extra for the outer ip header

smallest packet on ethernet(?): 64 byte

so your overhead could be more than 100%

of course you will have big packets on your net as well - for user data, file transfers etc.


This Discussion