Re: Encryption overheads and general performance qs

---

• From: Terry Dalton <terence_daltonNOSPAM@xxxxxxxxxxxxxx>
• Date: Wed, 06 Jul 2005 05:15:49 GMT

---

"hals left" <cc900630@xxxxxxxxx> wrote in news:1120080167.320543.289020
@z14g2000cwz.googlegroups.com:

> Hi I have some questions on VPN performanace.
>
> As there are a range of options from PPTP to IPSec tunnel mode, will
> the processing overheads of encryption/decryption increase with the
> different standards ?
>
> Other than more RAM, how else can the performance be increased, are
> there any guides to tuning the performnace of a VPN.
>
> thanks
> hals_left
>
If you have the option you'll always want to use IPSEC it is more secure
than PPTP and is preferred. PPTP is around basically for interoperability
with legacy devices. As far as performance goes look for a device that
does hardware encryption which is much faster than doing encryption in
software. Hardware encryption is typical in newer devices but Cisco still
sells the 3015 VPN concentrator which does a whopping 4Mb 3DES encryption
(yes only 4 Megabits) in software and has a list price of $10,000! When
you are evaluating a VPN device you typically see clear text throughput,
3DES and AES throughput in Mb (megabits). The 3DES (168 bit) and AES ( up
to 256 bit) throughput will give you the best indicator of the speed of
encyrption/decryption. As long as your bandwidth requirements don't exceed
the devices throughput and preferrably leave 20 to 30% headroom for
growth/expansion you should be fine. Don't underestimate the importance of
management and good tech support. I highly recommend Cisco PIX's
especially now that version 7 of their software is out it has every feature
of a dedicated VPN concentrator and a proven firewall that is easy to setup
and manage.
.

---

• References:
  • Encryption overheads and general performance qs
    • From: hals left

• Prev by Date: Re: Good doc for Netscreen VPN client
• Next by Date: Re: best small business vpn solution
• Previous by thread: Encryption overheads and general performance qs
• Next by thread: pam capable vpn server 4 linux
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Test client VPN Connection from Within Local Network ... VPN Client access, it can only be done using PPTP or L2TP/IPSec. ... > box, using PPTP, IPSEC tunnel mode and L2TP/IPSEC? ... (microsoft.public.isa.vpn) Re: VPN PPTP problem ... Why the PPTP and GRE packets receive the SBS but the PPTP ... VPN cannot establish? ... (microsoft.public.windows.server.sbs) Re: Unable to make VPN connection to ISA 2006 Standard ... Router and the isa server this nat enabled, then the pptp tunnel will fail? ... If i initialize an vpn connection with a windows client, ... (microsoft.public.isa.vpn) Re: PPC VPN woes ... When you connect with PPTP is the connection dropping when you try to access ... but when using movian you shouldn't see that same problem cause movian ... > past week have been trying to get VPN to play nicely. ... With the exception of remote ... (microsoft.public.pocketpc.wireless) Re: WRT54GL with DD-WRT VPN firmware - wheres the beef? ... of the dd-wrt firmware indicated that this firmware allowed box-to-box ... provide for vpn pass-through, ... The router to router VPN is PPTP, ... With DD-WRT STD, you don't need the VPN version to do router to router ... (alt.internet.wireless)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.dcom.vpn  > 2005-07