Improving VPN performance - stronger encryption = more performance?

Solution 1:

AES is faster than 3DES because of the algorithm design (number of rounds, etc.), not because of the key size/encryption strength. I don't know much about SonicWall products, but I'd assume that the firewall product should be able to pass traffic at line speed for a T1, so there may be some issues there.

I'm not sure why you'd see performance that's worse when you turn off encryption, but if you don't need encryption, as Antoine Benkemoun said, you don't really need IPSec, especially not ESP (tunnel mode).

Solution 2:

I don't know your exact setup, but one common explanation for worse performance turning off encryption behaviour is that you don't only use encryption, but also compression. Turning off both encryption and compression significantly reduces performance, especially if your packets start going over the MTU and getting fragmented frequently. Did you check so you don't usually run with IPComp?

You should also check if there is anything weird on the line when you turn off the encryption. I recommend sticking a sniffer such as wireshark in there and having a look both with and without encryption turned on. It should give you a much better idea what is happening.

The speeds we are speaking about here are so slow that almost any hardware can do the encryption without noticeable delay, so I would guess the encryption overhead is a red herring.