The reason I posted this question was due to the conflicting info I've heard regarding the upgrade to 3DES.
I posed this question to a TAC engineer who sent it to the whole floor of TAC engineers (senior/junior) looking for any horror stories with 3DES. They overwhelmingly state that there is no noticeable impact on performance unless you're passing huge amounts of traffic. Even then, impact is minimal.
The conflict continues...
There is a MAJOR performance hit potentially going to 3DES. Think about it.
Triple DES encrypts data 3 times (168 bits) vs. once (56 bits) for DES. It is 3 times SLOWER than DES, if the 3 keys are different.
There is a hit on the Client side, as you're asking a laptop or PC to perform the encryptions in SOFTWARE. Same thing on your network equipment side.
Why do you think Cisco offers dedicated encryption modules (SEP) for its VPN3000 boxes? So the encryption can be done in dedicated, specialized HARDWARE processors.
There's a big performance hit, but only at the beginning of the session when the private key exchange is set up using 3DES and ESP. The data transfer uses this latter key for encryption. After that, there should only be a minor difference in performance. On the 1710 router, you probably have a shortage of memory; I'm not so sure about the PIXs on this score.
The dedicated modules on the high-end VPN 3000s are most useful when there's frequent session establishment in a very dynamic environment.