In a new environment one of the projects left behind by a predecessor was to upgrade the encryption on their DMVPN from 3DES to AES 256. That's a good goal to be up to modern standards. But I see a lot of other areas of greater vulnerability. And the update and verification of hundreds of spoke sites will take considerable time. My question: how vulnerable is a 3DES encrypted DMVPN network?