Apologies if this has been asked before but I couldn't see an answer when I searched.
I have a Cisco 3005 Concentrator with 64MB RAM. I am intending to use only Cisco VPN software and hardware clients with X.509 certificates. I have successfully tested IPSEC connections using the following configuration:
Authentication Mode: RSA Digital Certificates (XAUTH)
Authentication Algorithm: SHA/HMAC-160
Encryption Algorithm: AES-256
Diffie-Hellman Group: Group 5 (1536 bits)
Obviously this is good security-wise (could it be any stronger?); however, I wonder what the performance implications of using HMAC with SHA1 and AES-256 on the 3005 range are. I don't envisage us ever having more than about 50 concurrent tunnels, certainly no more than the 200 which are supposedly supported with 64MB RAM. I also intend to configure load balancing once I have upgraded our other 3005 to 64MB RAM.
Any advice you could give on recommended configuration for performance versus security would be gratefully received.