IPsec Tunnel

Question

Hey Everyone, 
 
 I have an IPsec tunnel connecting multiple offices together and was wondering if someone could guide me to a better solution possibly? 
 
 My Question is that I am having data being transferred between the different sites continuously and was curious what the throughput would be for my current setup and if there is a better config that provides good security/speeds? 
 
 Heres my current config; 
 IKE: Auth PSK / Enc 3DES_CBC / Hash HMAC_MD5 / Lifetime 28800s / DPD ESP: Enc 3DES_CBC / Hash HMAC_MD5 / Lifetime 28800s

DouglasFoster · Answer

Add overhead by changing to sha2 and aes or newer emcryption. 
 Then use ping -f -l to find the maximum packet that can pass the tunnel without fragmentation. Lower your inside mtu to that value or less. Some overhead is variable, so adjusting downward can be needed. You want to ensure that the packets can have ipsec overhead added without causing fragmentation of the original packet into multiple pieces.