I have a network of 2600 series routers connected to the internet using one provider each with a full T1 connection. I have an encrypted GRE tunnel between each site. I have done a few tests with bandwidth and if I bypass the tunnel, I get consistent T1 bandwidth. Using the GRE tunnel, the bandwidth is cut in half. Do I need to invest in the hardware encryption card for the 2600 series routers? Is the 2600 series router capable of encrypting a full T1 at 168 bit encryption? Is the combination of the GRE and encrytion causing problems?
Im guessing you need to offload the encryption overhead to the hardware card option. Before buying that though, get a show techsupport and open a case with the TAC or run it by your Cisco SE to make sure everything is configured correctly. 168 bit IPSEC on a full T1 is a lot of overhead so I suspect theyll recommend the card, if not a 3600 series.
Yep, I did do that, and you are right, 168 bit is alot for the 2600. I ran a number of tests with different encryption levels. I lost about 20% of my bandwidth with single DES, but when I went to triple DES, I lost about 60%. I am going to get a couple of hardware encryption cards to test so that I can see if it helps.
May be stupid to ask but would need yr help to understand the basic issue. When you say that with DES encryption, you lost 60% of bandwidth, what exactly you mean by this? Does it imply that effective bandwidth available for Data(unencrypted Data) gets reduced to 60% and balance 40% goes in Encryption(like GRE Header etc.)? I am sorry to raise this counter question but would appreciate your help on the same. Regarding Encryption Cards, I understand they will help to offload the encryption job from Router CPU and thus increase the speed but how would it exactly help to reduce the bandwidth utilisation unless encryption card is also doing some compresion
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :