Hello
Cisco advises enabling crypto engine large-mod-accel to switch large modulus operations from software to hardware, to improve performance and decrease CPU. Is that true even if there are no VPNs on my firewall, neither IPsec nor SSL? I can't understand why, with show crypto accelerator statistics, I see a large amount of outbound bytes [Global Statistics] and outbound SSL records [SSL statistics], which is not justified by any VPN. That command should have a performance impact on SSL throughput, but is it meant to be only SSL VPN throughput?
fw-01# sh crypto accelerator statistics
Crypto Accelerator Status
-------------------------
[Capability]
Supports hardware crypto: True
Supports modular hardware crypto: False
Max accelerators: 1
Max crypto throughput: 425 Mbps
Max crypto connections: 5000
[Global Statistics]
Number of active accelerators: 1
Number of non-operational accelerators: 0
Input packets: 129907
Input bytes: 38343325
Output packets: 928819708
Output error packets: 0
Output bytes: 152511327920
[Accelerator 0]
Status: OK
Software crypto engine
Slot: 0
Active time: 4062458 seconds
Total crypto transforms: 18085063
Total dropped packets: 0
[Input statistics]
Input packets: 0
Input bytes: 10492944
Input hashed packets: 0
Input hashed bytes: 0
Decrypted packets: 0
Decrypted bytes: 10492944
[Output statistics]
Output packets: 0
Output bad packets: 0
Output bytes: 196506368
Output hashed packets: 0
Output hashed bytes: 0
Encrypted packets: 0
Encrypted bytes: 196506592
[Diffie-Hellman statistics]
Keys generated: 0
Secret keys derived: 0
[RSA statistics]
Keys generated: 4
Signatures: 5982
Verifications: 1
Encrypted packets: 3
Encrypted bytes: 91
Decrypted packets: 3
Decrypted bytes: 768
[ECDSA statistics]
Keys generated: 12
Signatures: 12
Verifications: 15
[SSL statistics]
Outbound records: 0
Inbound records: 0
[RNG statistics]
Random number requests: 84
Random number request failures: 0
[HMAC statistics]
HMAC requests: 4974791
[Accelerator 1]
Status: OK
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2_05
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Slot: 1
Active time: 4062462 seconds
Total crypto transforms: 929724996
Total dropped packets: 0
[Input statistics]
Input packets: 129907
Input bytes: 55682250
Input hashed packets: 0
Input hashed bytes: 0
Decrypted packets: 129907
Decrypted bytes: 27850381
[Output statistics]
Output packets: 928819708
Output bad packets: 0
Output bytes: 304629626512
Output hashed packets: 0
Output hashed bytes: 0
Encrypted packets: 928819708
Encrypted bytes: 152314822512
[Diffie-Hellman statistics]
Keys generated: 6045
Secret keys derived: 5981
[RSA statistics]
Keys generated: 0
Signatures: 1
Verifications: 1
Encrypted packets: 0
Encrypted bytes: 0
Decrypted packets: 0
Decrypted bytes: 0
[ECDSA statistics]
Keys generated: 0
Signatures: 0
Verifications: 0
[SSL statistics]
Outbound records: 928819708
Inbound records: 129907
[RNG statistics]
Random number requests: 760796
Random number request failures: 0
[HMAC statistics]
HMAC requests: 5