05-09-2019 06:25 AM
Good morning, we have 80+ small to large branch offices currently connected over DMVPN. All sites are running 3DES/MD5 etc. and I am planning on migrating them to AES256/SHA512. Since we have a mix of routing platforms ranging from the 800 Series to 4K, I have been doing some crypto performance benchmarking. In my lab I have 2 1941 ISR G2 routers directly attached to each other over their GigabitEthernet0/0 ports using a network cable. On each router's GigabitEthernet0/1 I have a laptop. One of the routers is acting as Hub and the other is the spoke. I am running EIGRP. Everything is up and running and I am able to ping both laptops from one another. In order to benchmark some connection timings and speeds, I first established IPSEC using 3DES/MD5 for ISAKMP, esp-3des and MD5 hmac for IPSEC. Then I started an 8 Gigabyte FTP file transfer from one laptop to another. At the peak, I was able to hit speeds of 64 Mbps at around 93% CPU usage. I then changed crypto parameters to use AES256/SHA512 for both ISAKMP and IPSEC, and was able to hit 72 Mbps at 94%.
My questions: first of all, is this a good way to do benchmarking? Secondly, why was I able to transfer the same file 2 minutes quicker when using crypto parameters that require more resource usage than the ones that do not?
Third and final question, based on Cisco's rating the 1900 Series routers are ratified for about 20-30 Mbps of IPSEC throughput. How in the world was I able to hit 72 Mbps using IPSEC? I know I am doing something wrong but what is it?
05-09-2019 11:06 AM - edited 05-09-2019 11:15 AM
Didn't know different size packets mattered this much. Learned something new today.
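An added example, not code from this thread or from Cisco: Python that computes the ESP tunnel-mode packet size and the packets per second a router must process for the two cipher suites in the post, so the effect of packet size on the crypto engine's load can be seen in numbers. The field sizes are the RFC 4303/4868 ESP values; the GRE-over-IPsec option for DMVPN is an assumption, not something the post confirms.

```python
"""ESP overhead and packets-per-second math for an IPsec throughput benchmark."""
from dataclasses import dataclass

IP_HDR = 20          # outer IPv4 header added in tunnel mode
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)
GRE_OVERHEAD = 24    # inner IP (20) + GRE (4): assumed DMVPN GRE-over-IPsec encapsulation


@dataclass(frozen=True)
class Suite:
    name: str
    block: int   # cipher block size; plaintext + trailer is padded to a multiple of it
    iv: int      # IV bytes carried in each packet
    icv: int     # truncated HMAC length (MD5-96: 12 bytes, SHA-512-256: 32 bytes)


THREE_DES_MD5 = Suite("esp-3des / esp-md5-hmac", block=8, iv=8, icv=12)
AES256_SHA512 = Suite("esp-aes 256 / esp-sha512-hmac", block=16, iv=16, icv=32)


def esp_packet_size(inner_len: int, suite: Suite, gre: bool = False) -> int:
    """Bytes on the wire for one ESP packet protecting an `inner_len`-byte IP packet."""
    protected = inner_len + (GRE_OVERHEAD if gre else 0) + ESP_TRAILER
    padding = (-protected) % suite.block           # pad up to the cipher block size
    return IP_HDR + ESP_HDR + suite.iv + protected + padding + suite.icv


def goodput_fraction(inner_len: int, suite: Suite, gre: bool = False) -> float:
    """Share of wire bytes that are the original packet (overhead shrinks as packets grow)."""
    return inner_len / esp_packet_size(inner_len, suite, gre)


def pps_for_rate(mbps: float, inner_len: int, suite: Suite, gre: bool = False) -> float:
    """Packets per second the crypto engine must handle to sustain `mbps` on the wire."""
    return mbps * 1e6 / 8 / esp_packet_size(inner_len, suite, gre)


def compare(mbps: float = 72.0, sizes=(64, 512, 1400)) -> list:
    """Rows of (inner bytes, suite, wire bytes, goodput fraction, pps) for a wire rate."""
    return [
        (size, s.name, esp_packet_size(size, s),
         round(goodput_fraction(size, s), 3), round(pps_for_rate(mbps, size, s)))
        for size in sizes for s in (THREE_DES_MD5, AES256_SHA512)
    ]


if __name__ == "__main__":
    # A full-size FTP transfer needs roughly 12x fewer packets than 64-byte traffic
    # at the same bit rate, which is why the bulk-transfer number beats the rating.
    for row in compare():
        print("%5d B  %-32s wire=%4d  goodput=%.3f  pps=%6d" % row)
```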