Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec Overheads

Hi,

Can anyone tell me what sort of overhead 3DES (ESP) puts on an IP packet?

From memory, theres 50-73 additional bytes and I recall that it must be in increments of 8 but I dont understand the huge variation (50-73).

Can I accurately calculate the overhead of 3des over IP?

Regards

Scott

1 ACCEPTED SOLUTION

Accepted Solutions

Re: IPSec Overheads

The overhead depends on the transform set.

for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes

7 REPLIES

Re: IPSec Overheads

The overhead depends on the transform set.

for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes

New Member

Re: IPSec Overheads

Thanks for your help.

Is there a matrix or other document somewhere I can reference to determine the overheads for the various transform sets?

Ie. You didnt mention AES encryption, or the AH protocol (probably because no one uses it, but still...)

Re: IPSec Overheads

for AES (esp-aes esp-md5-hmac) 58-73bytes

fot DES,3DES (ah-des esp-md5-hmac) 62-69bytes

Silver

There is an updated version

There is an updated version of this tool available here:

 

IPSec Overhead Calculator

 

-Jay Young

Re: IPSec Overheads

Hello,

I have found in the past a HTML page which calculate IPSec packet size depending of the transform set used. I have added the NAT-T overhead.

It is attached to this reply.

At this time it does not include AES.

Re: IPSec Overheads

Hello,

I have received un updated version of the "IPSec Packet Size Calculator" from the original author which include AES encryption.

I have added back the NAT-T calculation and in addition the overhead when using GRE Tunnel Key.

Both the new original and my new version are attached to this post.

Regards and good work with IPSec

New Member

Re: IPSec Overheads

That is a great packet size calculator. However, it doesn't take ESP AES into consideration. If IOS-DES/3DES is 8 byte, ESP-DES/3DES is 2 byte then what would AES add to the mix?

1591
Views
5
Helpful
7
Replies
CreatePlease to create content