1585 Views, 0 Helpful, 4 Replies

Crypto Accelerator - Not being Used

davis.sean2
Level 1

Does anyone know of a configuration on an ISR G1 that will leverage the onboard crypto accelerator?

Here is my test configuration - 2x 2811 running 15.1(4):

interface Tunnel0
 ip address 10.32.128.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip mtu 1400
 ip ospf 1 area 32
 tunnel source FastEthernet0/1
 tunnel destination 192.168.0.2
 tunnel protection ipsec profile test-profile
end
!
! IKEv1 phase 1: AES (128-bit when no key size is given), pre-shared key, DH group 5
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
! 0.0.0.0 0.0.0.0 is a wildcard peer: any address that presents this PSK can negotiate
crypto isakmp key Password address 0.0.0.0 0.0.0.0
! phase 2: ESP with AES-128 and SHA-1 HMAC, tunnel mode (the default) over the GRE tunnel
crypto ipsec transform-set test-set esp-aes esp-sha-hmac
crypto ipsec profile test-profile
 set transform-set test-set

(The other router's configuration matches.)

I've also tried various combinations of 3DES and MD5; nothing really appears to hit the crypto accelerator (~1-2 pps)... the rest appears to be encrypted by the CPU. Is this a weakness of the "tunnel protection" command? As far as I am aware, AES128/192/256 with SHA1 are supported by the onboard encryption module under this IOS version, so I am not sure why it isn't being used.

Without the tunnel protection profile, I can see 100 Mb/s across the tunnel; with the protection profile in place, the speed drops to 8 Mb/s.

-Sean

2 Accepted Solutions (the replies from dominic.caron and Steve Fuller below)

4 Replies

dominic.caron
Level 5

Hi

I know you are not configuring GETVPN, but the performance numbers should be the same... IPsec is IPsec.

Refer to table 4 of this document http://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/GETVPN_DIG_version_1_0_External.pdf

The max speed with the onboard accelerator is somewhere between 10 and 25 Mbps for that router.

davis.sean2
Level 1

Thanks for the response!

It appears as though the crypto accelerator is now working, I see the statistics incrementing now.

I suppose the crypto accelerator is a lot slower than I originally thought.

Test-RTR1#sh crypto engine accelerator statistic

Device:   NETGX
Location: Onboard: 0
    Onboard Virtual Private Network (VPN) Module
        Statistics for Onboard Virtual Private Network (VPN) Module
        since the last clear of counters 652 seconds ago
           1472341 packets in                   1472341 packets out
        1453200288 bytes in                  1487730580 bytes out
              2258 paks/sec in                     2258 paks/sec out
             17824 Kbits/sec in                   18248 Kbits/sec out
            498980 packets decrypted             973361 packets encrypted
          70310704 bytes before decrypt      1382889584 bytes encrypted
          34789708 bytes decrypted           1452940872 bytes after encrypt
                 0 packets decompressed               0 packets compressed
                 0 bytes before decomp                0 bytes before comp
                 0 bytes after decomp                 0 bytes after comp
                 0 packets bypass decompr             0 packets bypass compr
                 0 bytes bypass decompr               0 bytes bypass compr
                 0 packets not decompress             0 packets not compressed
                 0 bytes not decompressed             0 bytes not compressed
             1.0:1 compression ratio              1.0:1 overall
                 0 commands out                       0 commands acknowledged
    Last 5 minutes:
            696233 packets in                    696233 packets out
              2320 paks/sec in                     2320 paks/sec out
          18582298 bits/sec in                 19027274 bits/sec out
          16469194 bytes decrypted            654353534 bytes encrypted
                54 Kbits/sec decrypted             2181 Kbits/sec encrypted
             1.0:1 compression ratio              1.0:1 overall
    Errors:
        pkts dropped:   50
        rx_no_endp:     0   rx_hi_discards:  0     fw_failure:        0
        invalid_sa:     0   invalid_flow:    0     netgx sessions:    2
        fw_qs_filled:   50  fw_resource_lock:0     lotx_full_err:     0
        null_ip_error:  0   pad_size_error:  0     out_bound_dh_acc:  0
        esp_auth_fail:  0   ah_auth_failure: 0     crypto_pad_error:  0
        ah_prot_absent: 0   ah_seq_failure:  0     ah_spi_failure:    0
        esp_prot_absent:0   esp_seq_fail:    0     esp_spi_failure:   0
        obound_sa_acc:  0   invalid_sa:      0     out_bound_sa_flow: 0
        invalid_dh:     0   bad_keygroup:    0     out_of_memory:     0
        no_sh_secret:   0   no_skeys:        0     invalid_cmd:       0
        tx_hi_drops:    0   comp_aborted:    0     pak_too_big:       0
        ownership_err:  0   null_data:       0     reqId mismatch:    0
        delta_out_of_range:     0
        pak_mp_length_spec_fault: 0
        tx_lo_queue_size 0  tx_lo_count 0
        tx_lo_queue_size_max 0  cmd_unimplemented: 0
        Interrupts: Notify = 0, Reflected = 0, Spurious = 0
        ring limit:64  current desc used: 0  current ring index: 50
        wait session queue: 0 msg   session buf queue: 1024
Test-RTR1#sh int tun0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.32.128.1/30
  MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec,
     reliability 255/255, txload 241/255, rxload 255/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 192.168.0.1 (FastEthernet0/1), destination 192.168.0.2
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255
  Fast tunneling enabled
  Path MTU Discovery, ager 10 mins, min MTU 92, MTU 0, expires never
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Tunnel protection via IPSec (profile "test-profile")
  Last input 00:00:08, output 01:28:53, output hang never
  Last clearing of "show interface" counters 00:11:00
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 24
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 405000 bits/sec, 714 packets/sec
  5 minute output rate 15242000 bits/sec, 1363 packets/sec
     505923 packets input, 35288577 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     984687 packets output, 1399041974 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
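Steve's question was whether the engine is actually doing the work, and the counters above answer it only if you read them carefully. Here is an added Python example (my own code, not from the thread or from Cisco) that parses the cumulative block and the Errors block of `show crypto engine accelerator statistics`, checks that the byte counters reconcile (bytes in = plaintext handed to the engine + ciphertext received; bytes out = ciphertext produced + plaintext returned), derives the per-packet overhead the engine adds on encrypt and decrypt, cross-checks the reported Kbit/s against bytes and elapsed seconds, and lists every non-zero error counter. The sample text is Sean's output, trimmed; the label strings the regexes key on are taken from that output and are assumed to be stable on this IOS release. Function names are mine.

```python
import re

# Sample input: Sean's "show crypto engine accelerator statistics" output,
# trimmed to the cumulative block, the start of the 5-minute block (kept to
# show the parser skips it) and part of the Errors block. Alignment is not
# significant.
SAMPLE = """\
Device:   NETGX
Location: Onboard: 0
    Onboard Virtual Private Network (VPN) Module
        Statistics for Onboard Virtual Private Network (VPN) Module
        since the last clear of counters 652 seconds ago
           1472341 packets in                   1472341 packets out
        1453200288 bytes in                  1487730580 bytes out
              2258 paks/sec in                     2258 paks/sec out
             17824 Kbits/sec in                   18248 Kbits/sec out
            498980 packets decrypted             973361 packets encrypted
          70310704 bytes before decrypt      1382889584 bytes encrypted
          34789708 bytes decrypted           1452940872 bytes after encrypt
    Last 5 minutes:
            696233 packets in                    696233 packets out
    Errors:
        pkts dropped:   50
        rx_no_endp:     0   rx_hi_discards:  0     fw_failure:        0
        invalid_sa:     0   invalid_flow:    0     netgx sessions:    2
        fw_qs_filled:   50  fw_resource_lock:0     lotx_full_err:     0
        esp_auth_fail:  0   ah_auth_failure: 0     crypto_pad_error:  0
        esp_prot_absent:0   esp_seq_fail:    0     esp_spi_failure:   0
        Interrupts: Notify = 0, Reflected = 0, Spurious = 0
"""

# "<number> <label>" pairs on the two-column counter lines; the label ends at
# a run of two or more spaces (next column) or at end of line.
_COUNTER = re.compile(r"(\d+)\s+([A-Za-z][A-Za-z/ ]*?)(?=\s{2,}|\s*$)")
# "name: value" pairs on the Errors lines (names may contain a space).
_ERROR = re.compile(r"([A-Za-z_]+(?: [A-Za-z_]+)*):\s*(\d+)")
# Entries in the Errors block that are state, not failures.
INFO_KEYS = {"netgx sessions"}


def parse_accelerator_stats(text):
    """Return (counters, errors): the cumulative counters and the Errors block."""
    counters, errors = {}, {}
    section = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Statistics for"):
            section = "totals"
            continue
        if s.startswith("Last 5 minutes") or s.startswith("Interrupts:"):
            section = None          # interval block / interrupt line: not parsed here
            continue
        if s.startswith("Errors:"):
            section = "errors"
            continue
        if section == "totals":
            for value, label in _COUNTER.findall(line):
                counters[label.strip()] = int(value)
        elif section == "errors":
            for name, value in _ERROR.findall(line):
                errors[name] = int(value)
    return counters, errors


def summarize(text):
    """Derive the engine-in-use check, overheads and error list from the output."""
    c, e = parse_accelerator_stats(text)
    window = c["seconds ago"]                       # from "... 652 seconds ago"
    enc_pkts, dec_pkts = c["packets encrypted"], c["packets decrypted"]
    return {
        "accelerator_active": c["packets in"] > 0,
        "window_s": window,
        "packets_in": c["packets in"],
        "packets_encrypted": enc_pkts,
        "packets_decrypted": dec_pkts,
        # average plaintext size of an encrypted packet
        "enc_avg_plaintext": c["bytes encrypted"] / enc_pkts,
        # bytes the engine adds per packet (ESP header/trailer/ICV + outer IP)
        "enc_overhead_per_pkt": (c["bytes after encrypt"] - c["bytes encrypted"]) / enc_pkts,
        "dec_overhead_per_pkt": (c["bytes before decrypt"] - c["bytes decrypted"]) / dec_pkts,
        "kbps_in_reported": c["Kbits/sec in"],
        "kbps_in_derived": c["bytes in"] * 8 / 1000 / window,
        # in = plaintext to encrypt + ciphertext to decrypt; out = the reverse
        "counters_consistent": (
            c["bytes in"] == c["bytes encrypted"] + c["bytes before decrypt"]
            and c["bytes out"] == c["bytes after encrypt"] + c["bytes decrypted"]
        ),
        "nonzero_errors": {k: v for k, v in e.items() if v and k not in INFO_KEYS},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:24} {value}")
```

On Sean's numbers this reports the engine active over a 652 s window, ~1421 bytes of plaintext per encrypted packet (the tunnel's 1400-byte IP MTU plus GRE/IP), about 72 bytes added per packet, the derived input rate within a fraction of a percent of the reported 17824 Kbit/s, and only `pkts dropped` and `fw_qs_filled` non-zero; `esp_auth_fail`, `esp_seq_fail` and the SPI failures being zero is the part worth checking on a production box, since those are the counters that move when a peer is sending bad or replayed ESP.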

Hi Sean,

Although you have gotten all the answers you needed, I thought you might be interested in knowing that because the on-board crypto engine is not that powerful, as you have seen yourself, Cisco was selling additional accelerator modules (AIM-VPN) for these routers that provided additional processing power for the crypto operations. See the following datasheet for more details:

http://www.cisco.com/c/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/data_sheet_vpn_aim_for_18128003800routers.html

Best regards,
Peter

Steve Fuller
Level 9

In testing we've done with IMIX-type traffic, we only rate the Cisco 2811 ISR at around 10 Mbps for IPsec traffic.

Do you know that the IPsec is not being done in hardware? What do you see as the output of "show crypto engine configuration" and "show crypto engine accelerator statistics"?

Regards