Networking applications, such as VPN and content filtering, demand extra computing power in order to meet the throughput requirement nowadays. In addition to pure ASIC solutions, network processor architecture is emerging as an alternative to scale up data-plane processing while retaining design flexibility. This article, rather than proposing new algorithms, illustrates the experience in developing IPSec-based VPN gateways over network processors, and investigates the performance issues. The external benchmarks reveal that the system can reach 45Mbps for IPSec using 3DES algorithm, which improves by 350% compared to single XScale core processor and parallels the throughput of a PIII 1GHz processor. Through the internal benchmarks, we analyze the turnaround times of the main functional blocks, and identify the core processor as the performance bottleneck for both packet forwarding and IPSec processing.