11-23-2007 09:57 AM - edited 03-09-2019 07:28 PM
Does anyone know what overheads are experienced when using encryption across a 1gb link between sites, using two Cisco 2821 Routers ?
Thanks
11-23-2007 11:12 AM
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.html
Cisco 2821 with Onboard VPN
250 Tunnels Maximum
56 Mbps @ 3DES
56 Mbps @ AES
Cisco 2821 with AIM-VPN/SSL-2
1500 Tunnels Maximum
140 Mbps @ 3DES
140 Mbps @ AES
11-26-2007 03:03 AM
it depends on the packet size, encryption used etc. if you have lots of small packets on that link, you will have a lot of overhead.
on http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#backinfo you have detailed info about additional headers.
regards,
juergen
11-26-2007 04:49 AM
Hi thanks
for the reply, here is one end of my VPN Site to Site config : -
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map DCK_FTWR 1 ipsec-isakmp
description Tunnel to X.X.X.X (Docklands Address)
set peer X.X.X.X (Docklands Address)
set transform-set ESP-3DES-SHA
match address 100
access-list 100 remark DCK_FTWR Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip any any
Interface Commands
Int G0/1
crypto map DCK_FTWR
crypto ipsec df-bit clear
I'm not sure about the packet size I will have to investigate. Lets assume they are small so worst case ..
Cheers
11-26-2007 06:10 AM
56 byte for esp
20 byte extra for the outer ip header
smallest packet on ethernet(?): 64 byte
so your overhead could be more than 100%
of course you will have big packets on your net as well - for user data, file transfers etc.
11-26-2007 06:53 AM
Thanks vey much for your help ..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide