Your MTU should be 1412... NEVER set it that big... fragmentation will happen in the process-switched path... not in the CEF and fast-switched paths. This will eat up router CPU and decrease packet forwarding abilities regardless of the VPN accelerator. Frags will have to be reassembled by the CPU prior to being decrypted in the accelerator... very nasty.
If you use an MTU of 1412 with path discovery (or the clear df bit option in global config) you will be okay.
Now, AES is faster than DES with the default crypto accelerator that ships with the non vpn bundle package (AIM EP II).
Are you waiting long enough to calculate accurate results? Are you running into another issue (like a speed/duplex mismatch in the config during the AES test)?
Was the only thing you changed the transform set, and then you saw the slow speed?
You should execute show crypto engine config (as the previous post stated) and see something like this:
------------------ show crypto engine configuration ------------------
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: aim 0
VPN Module in slot: 0
Product Name: AIM-VPN/EPII-PLUS
Software Serial #: 55AA
Device ID: 001E - revision 0000
Vendor ID: 13A3
Revision No: 0x001E0000
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 2.3(22) (ALPHA)
Time running: 1w6d
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 2000
Maximum SA index: 2000
Maximum Flow index: 4000
Maximum RSA key size: 2048

AES should also be supported in the built-in accelerator.
Make sure you have this command entered
crypto engine accelerator
Perhaps you removed a default command?
Read this doc...
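One way to check a saved copy of that listing for what the post asks about (hardware engine, enabled, AES listed with the key size in use), as an added example that is not part of the original post. The function names and the one-field-per-line layout are assumptions; the sample is abridged from the listing quoted above.

```python
import re

# Abridged from the listing quoted in the post, one field per line (assumed layout).
SAMPLE = """\
------------------ show crypto engine configuration ------------------
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Product Name: AIM-VPN/EPII-PLUS
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
"""

def parse_engine_config(text):
    """Turn 'key: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def check_cipher(fields, cipher, key_bits=None):
    """List reasons the listing does not show hardware support for `cipher`."""
    problems = []
    if fields.get("crypto engine type", "").lower() != "hardware":
        problems.append("engine type is not hardware")
    if fields.get("state", "").lower() != "enabled":
        problems.append("engine is not enabled")
    support = fields.get(cipher.lower())
    if support is None:
        problems.append(f"{cipher} is not listed")
    elif not support.lower().startswith("yes"):
        problems.append(f"{cipher} is not supported by the engine")
    elif key_bits is not None:
        # Key sizes, when listed, appear in parentheses: "Yes (128,192,256)"
        m = re.search(r"\(([\d,\s]+)\)", support)
        sizes = {int(s) for s in m.group(1).split(",") if s.strip()} if m else set()
        if sizes and key_bits not in sizes:
            problems.append(f"{cipher} {key_bits}-bit keys are not listed")
    return problems

if __name__ == "__main__":
    cfg = parse_engine_config(SAMPLE)
    for cipher, bits in (("AES CBC", 256), ("AES CNTR", None)):
        print(cipher, bits, check_cipher(cfg, cipher, bits) or "ok")
```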