Our corporate network has two remote offices, connecting via VPN to a ASA5515-x located in the data center. Initially both sites were single ISP, however both are now getting secondary providers without the option of BGP. Each office has a Palo Alto 200 firewall pair, which support OSPF and BGP. My plan is to re-purpose two 3825 routers as the new VPN hub, and build parallel site to site tunnels via each ISP, then use BGP or OSPF to load-balance across the tunnels as required.
Reading this doc: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/vpn_performance_eng.pdf it says the throughput for a 3825 is 170 Mbps base and then 175 Mps with AIM-VPN module. Is this correct? If so, why would someone buy the module only to get a 2% performance increase? Can someone offer firsthand experience / read world numbers so I don't have to lab?
As a side note, I also have two 2921s sitting around, but they lack the security license and wouldn't be much faster than the 3825s regardless.