05-07-2002 01:03 PM - edited 02-21-2020 11:44 AM
Hi,
Has anyone experienced a significant performance hit moving from DES to 3DES on the following VPN devices: PIX515, PIX520, 1710 router?
Your input is appreciated.
Thanks.
05-09-2002 01:23 PM
Yes there is a major performance hit going between the two..... We tried it and found out it wasent worth it and went back to single DES
05-10-2002 06:45 AM
The reason I posted this question was due to the conflicting info I've heard regarding the upgrade to 3DES.
I posed this question to a TAC engineer who sent it to the whole floor of TAC engineers (senior/junior) looking for any horror stories with 3DES. They overwhelmingly state that there is no noticeable impact on performance unless you're passing huge amounts of traffic. Even then, impact is minimal.
The conflict continues...
05-16-2002 10:59 AM
There is a MAJOR performance hit potentially going to 3DES. Think about it.
Triple DES encrypts data 3 times (168 bits) vs. once (56 bits) for DES. It is 3 times SLOWER than DES, if the 3 Keys are different.
There is a hit on the Client side, as you're asking a laptop or PC to perform the encryptions in SOFTWARE. Same thing on your network equipment side.
Why do you think Cisco offers dedicated Encryption modules (SEP) for its VPN3000 boxes? - so the encryption can be done in dedicated specialized HARDWARE processors.
05-22-2002 09:52 AM
There's a big performance hit, but only at the beginning of the session when the private key exchange is set up using 3DES and ESP. The data transfer uses this latter key for encryption. After that, there should only be a minor difference in performance. On the 1710 router, you probably have a shortage of memory; I'm not so sure about the PIXs on this score.
The dedicated modules on the high end VPN 3000s are most useful when there's frequent session establishment in a very dynamic environment.
05-22-2002 02:33 PM
1710 router has a built in Hardware encryption module... There should not be any performance impact on that side.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide