IPSEC paramenters with least overhead???

From: Anthony Pace (anthonypace@fastmail.fm)
Date: Wed May 26 2004 - 11:13:33 GMT-3

• Next message: Phil: "Re: 3550 switch commands on Doc CD"
• Previous message: Tim Ross: "RE: When are we ready for the lab ?"
• Next in thread: Mark Lewis: "RE: IPSEC paramenters with least overhead???"
• Maybe reply: Mark Lewis: "RE: IPSEC paramenters with least overhead???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I am trying to find a combination of IPSEC parameters, which would have
the least amount of processor overhead. Maximum security is not a huge
requirement so simple encryption would be ok. For this reason I am
replacing IPSEC with GRE (where possible) but where IPSEC is the "lowest
common denominator" I want to use the simplest "flavor".

I have a 3-way full mesh of IPSEC tunnels between a Cisco-806,
Cisco-1605, and a Computer running Checkpoint Firewall-1. The processor
utilization on the 806 and 1605 is very high.

- I will replace the IPSEC with GRE between the 806 and 1605

- I will not use Triple-DES

What are the "leanest" IPSEC parameters? I am researching this using
books and the Internet but it seemed like something that someone on this
list might have some insights into.

Anthony Pace CCIE 10349

-- 
  Anthony Pace
  anthonypace@fastmail.fm
-- 
http://www.fastmail.fm - Or how I learned to stop worrying and
                          love email again

• Next message: Phil: "Re: 3550 switch commands on Doc CD"
• Previous message: Tim Ross: "RE: When are we ready for the lab ?"
• Next in thread: Mark Lewis: "RE: IPSEC paramenters with least overhead???"
• Maybe reply: Mark Lewis: "RE: IPSEC paramenters with least overhead???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:17 GMT-3