11-23-2007 09:57 AM - edited 03-09-2019 07:28 PM
Does anyone know what overheads are experienced when using encryption across a 1gb link between sites, using two Cisco 2821 Routers ?
Thanks
11-23-2007 11:12 AM
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.html
Cisco 2821 with Onboard VPN
250 Tunnels Maximum
56 Mbps @ 3DES
56 Mbps @ AES
Cisco 2821 with AIM-VPN/SSL-2
1500 Tunnels Maximum
140 Mbps @ 3DES
140 Mbps @ AES
11-26-2007 03:03 AM
it depends on the packet size, encryption used etc. if you have lots of small packets on that link, you will have a lot of overhead.
on http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#backinfo you have detailed info about additional headers.
regards,
juergen
11-26-2007 04:49 AM
Hi thanks
for the reply, here is one end of my VPN Site to Site config : -
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map DCK_FTWR 1 ipsec-isakmp
description Tunnel to X.X.X.X (Docklands Address)
set peer X.X.X.X (Docklands Address)
set transform-set ESP-3DES-SHA
match address 100
access-list 100 remark DCK_FTWR Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip any any
Interface Commands
Int G0/1
crypto map DCK_FTWR
crypto ipsec df-bit clear
I'm not sure about the packet size I will have to investigate. Lets assume they are small so worst case ..
Cheers
11-26-2007 06:10 AM
56 byte for esp
20 byte extra for the outer ip header
smallest packet on ethernet(?): 64 byte
so your overhead could be more than 100%
of course you will have big packets on your net as well - for user data, file transfers etc.
11-26-2007 06:53 AM
Thanks vey much for your help ..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: