I have an 831 configured as a ezvpn client connected to an 2811 configured as a VPN Server. I would like to use the strongest encryption possible (AES - 256) but it seams to be that AES does not use the VPN accelerator at least on the 831. Since I'm using the VPN for VoIP, its performance is also very important. Apparently the only algorithm that is supported on the accelerator is DES or 3DES, it seems that 3DES is the only choice for now.
It seems however, based on some non-Cisco documentation, that AES outperforms 3DES even with Hardware assisted VPNs.
My question would be: what performs better on the 831, a 3Des with the onboard VPN accelerator or Software based AES?
Both of them doesnt make big difference.The only requirement to support both of them is Cisco IOS Release 12.2(13)T or later. Refer the following URL for more information on commnads used for configuring these options
I use 831 with 3DES instead of AES. With the 3DES hardware encrytion, my CPU run at 4% most of the time. I never tried the AES software encryption, but if you're using VoIP feature on your 831 you better not use AES. But that also depend, how many node and IP phones communicates with the 831. If only one node or IP phones are connected with the 831, I think you'll be able to run AES.
You can start by testing with the 3DES software encryption (no crypto engine accelerator) to see if your CPU reach a high value, then activate the AES instead of 3DES.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...