Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

IPSec overhead calculator tool


With the increasing popularity of IPSec VPN deployments on the Internet, there is often a need to understand the exact IPSec and other tunnel encapsulation overhead in order to determine the fragmentation boundary conditions for optimal MTU/MSS tuning, or to perform bandwidth budgeting on low-bandwidth links. Given these overheads vary depending on the specific IPSec protocols and algorithms used, we have developed a tool to make this task easier, and it can be found here:

IPSec Overhead Calculator Tool

This tool was just recently updated with an improved user interface and IPv6 support. Check it out and feel free to provide feedback or improvement ideas by clicking on the Feedback icon on the top right corner of the page.

Note, even though most of the overhead calculation for this tool is standard RFC based, some can be implementation specific, such as ESP padding. For those calculations, the tool is based on the Cisco IOS/IOS-XE implementation. 

Here is an example user input:


The result output of the tool:



We are using (with ASR 1001-X):

GRE over IPSec + Tunnel Key


Tunnel Mode "Transport"

ESP Encryption "ESP-GCM-256"

ESP Integrity "none"

AH Integrity "none"


Wireshark and Cisco Counters at the Router show an Overhead from 62 Bytes.

The "IPSec Overhead Calculator Tool" shows an Overhead from 64 Bytes.

I think the calculation is wrong in the "IPSec Overhead Calculator Tool".

Can you please check this?


Excellent tool - could you add the original IP header size to the "packet details"

Content for Community-Ad