I have a site to site VPN that has been working fine through Ipsec for the past 2 years. However, it is slow. Each site is on a dedicated 100/100 connection, yet I can't usually get over 20Mb/s on the ipsec vpn. I know Ipsec has considerable overhead for security, and this should be expected.
My question is, if I was to upgrade both hosts (which are currently E5500 era xeons with 12g of ram) to a newer processor that supported the AES-NI instruction set, would I see a substantial increase in my speed? Mind you, this is of course talking about pure IPSEC speed, I understand how other activity will lower my rates. I'm getting at max 20Mb/s when there is no other activity happening on the devices i.e. I've disconnected the lan and am connecting back and forth directly from the boxes.