Encryption Overheads

thestagman
Level 1

Does anyone know what overheads are experienced when using encryption across a 1gb link between sites, using two Cisco 2821 routers?

Thanks

5 Replies

Richard Atkin
Level 4

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.html

Cisco 2821 with Onboard VPN

250 Tunnels Maximum

56 Mbps @ 3DES

56 Mbps @ AES

Cisco 2821 with AIM-VPN/SSL-2

1500 Tunnels Maximum

140 Mbps @ 3DES

140 Mbps @ AES

bauer.juergen
Level 1

It depends on the packet size, the encryption used, etc. If you have lots of small packets on that link, you will have a lot of overhead.

On http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#backinfo you have detailed info about additional headers.

regards,

juergen

Hi, thanks for the reply. Here is one end of my VPN site-to-site config:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map DCK_FTWR 1 ipsec-isakmp
 description Tunnel to X.X.X.X (Docklands Address)
 set peer X.X.X.X (Docklands Address)
 set transform-set ESP-3DES-SHA
 match address 100
access-list 100 remark DCK_FTWR Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip any any

Interface Commands

Int G0/1
 crypto map DCK_FTWR
 crypto ipsec df-bit clear

I'm not sure about the packet size; I will have to investigate. Let's assume they are small, so worst case...

Cheers

56 bytes for ESP

20 bytes extra for the outer IP header

Smallest packet on Ethernet(?): 64 bytes

So your overhead could be more than 100%.

Of course you will have big packets on your net as well - for user data, file transfers, etc.

Thanks very much for your help.
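
The per-packet arithmetic behind the overhead discussed in this thread, as an added example that is not part of any post. It assumes IPv4 ESP in tunnel mode with the ESP-3DES-SHA transform set from the config above (12-byte HMAC-SHA1-96 ICV), no NAT-T and no GRE; it also covers AES-CBC as a generalization, and the function names are illustrative.

```python
# Added example: size of an IPv4 packet after ESP tunnel-mode encapsulation.
# Assumptions: no IP options, no NAT-T/UDP encapsulation, HMAC-SHA1-96 integrity.
OUTER_IP = 20     # new outer IPv4 header
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
ICV = 12          # HMAC-SHA1 truncated to 96 bits

# cipher name -> (block size, IV size) in bytes
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16)}


def esp_tunnel_size(inner_len, cipher="3des"):
    """Bytes on the wire (IP layer) for an inner IP packet of inner_len bytes."""
    block, iv = CIPHERS[cipher]
    # Inner packet + ESP trailer is padded up to a multiple of the cipher block.
    to_encrypt = inner_len + ESP_TRAILER
    pad = (-to_encrypt) % block
    return OUTER_IP + ESP_HEADER + iv + to_encrypt + pad + ICV


def overhead(inner_len, cipher="3des"):
    """Return (added bytes, added bytes as a percentage of the inner packet)."""
    added = esp_tunnel_size(inner_len, cipher) - inner_len
    return added, 100.0 * added / inner_len


def max_inner_for_mtu(mtu=1500, cipher="3des"):
    """Largest inner packet that still fits in one outer packet of size mtu."""
    block, iv = CIPHERS[cipher]
    room = mtu - OUTER_IP - ESP_HEADER - iv - ICV
    return (room // block) * block - ESP_TRAILER


if __name__ == "__main__":
    # Constructed sample sizes: bare TCP ACK, IP payload of a minimum
    # Ethernet frame, mid-size packet, full 1500-byte packet.
    for size in (40, 46, 576, 1500):
        for cipher in CIPHERS:
            added, pct = overhead(size, cipher)
            total = esp_tunnel_size(size, cipher)
            print(f"{cipher:8} inner={size:5} outer={total:5} "
                  f"added={added:3} ({pct:5.1f}%)")
    for cipher in CIPHERS:
        print(f"{cipher:8} largest inner packet in a 1500-byte MTU: "
              f"{max_inner_for_mtu(1500, cipher)}")
```

Inner packets larger than the value returned by `max_inner_for_mtu` no longer fit in a single outer packet of that MTU, which is the situation where fragmentation and the DF-bit handling set in the config come into play.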