Cisco Support Community
Community Member

3DES or AES on a 831 Router

I have an 831 configured as a ezvpn client connected to an 2811 configured as a VPN Server. I would like to use the strongest encryption possible (AES - 256) but it seams to be that AES does not use the VPN accelerator at least on the 831. Since I'm using the VPN for VoIP, its performance is also very important. Apparently the only algorithm that is supported on the accelerator is DES or 3DES, it seems that 3DES is the only choice for now.

It seems however, based on some non-Cisco documentation, that AES outperforms 3DES even with Hardware assisted VPNs.

My question would be: what performs better on the 831, a 3Des with the onboard VPN accelerator or Software based AES?



Re: 3DES or AES on a 831 Router

Both of them doesnt make big difference.The only requirement to support both of them is Cisco IOS Release 12.2(13)T or later. Refer the following URL for more information on commnads used for configuring these options

Community Member

Re: 3DES or AES on a 831 Router

I use 831 with 3DES instead of AES. With the 3DES hardware encrytion, my CPU run at 4% most of the time. I never tried the AES software encryption, but if you're using VoIP feature on your 831 you better not use AES. But that also depend, how many node and IP phones communicates with the 831. If only one node or IP phones are connected with the 831, I think you'll be able to run AES.

You can start by testing with the 3DES software encryption (no crypto engine accelerator) to see if your CPU reach a high value, then activate the AES instead of 3DES.

CreatePlease to create content