cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


313
Views
5
Helpful
0
Replies
Highlighted
Cisco Employee

Question on ASA performance related to various crypto

Hello, I've been asked to help a partner identity what the performance hit (if any) will be observed using different IKEv2 encryption.

Specifically, If they size an ASA for remote access VPN using some of the high encryption options, what will be the performance hit?  Is there a matrix or table documented that describes the expected performance hit using these crypto options:

Diffie-Hellman group 14 - mod 2048 with AES-192 or AES-256 used for encryption

Diffie-Hellman group 15 - mod 3072 with AES-192 or AES-256 used for encryption

Diffie-Hellman group 16 - mod 4096 with AES-192 or AES-256 used for encryption

Diffie-Hellman group 19 - 256-bit elliptic curve with AES-192 or AES-256 used for encryption

Diffie-Hellman group 20 - 384-bit elliptic curve with AES-192 or AES-256 used for encryption

Diffie-Hellman group 21 - 521-bit elliptic curve with AES-192 or AES-256 used for encryption

Everyone's tags (3)