RV220 configuration

I have two RV220s to form a VPN tunnel between offices.

My questions are

1) The default encryption is 3DES... Should I change this to something else.... PROs & CONs?

2) REMOTE LOGGING requires an SMTP.. No chance to SAVE FILES.. So, all my emails require SSL authentication for SMTP... I don't see how to do this in REMOTE LOGGING?

3) Should I enable a PFS KEY GROUP? If so, what does it give me?

1 REPLY 1

1- You can set the encryption to AES-<bitlength>, and while both are secure, AES is a newer algo and supersedes DES, and a longer bit length makes it take longer to brute-force decrypt. Think billion years instead of million years. There is a little more overhead, but with just one site to site, it shouldn't load the router much.

2- You can do syslog on this device and send the messages to a syslog server. Or, if you are using Google for your mail, they have an unencrypted SMTP portal; instructions here:

https://support.google.com/a/answer/176600?hl=en

If your device or application does not support SSL - connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example, if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record: v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

 

3- PFS is perfect forward secrecy, and allows the handshake to be slightly more secure (needs to be enabled on both sides), and prevents reuse of encryption keys.  http://en.wikipedia.org/wiki/Forward_secrecy

Dan
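
An added example, not part of the reply above: an offline check that an SPF record string authorizes the router's sending address and still keeps the Google include, as the quoted Google instructions require. The helper name `audit_spf` and its result keys are hypothetical, the inputs are the example values quoted in the reply, and no DNS lookups are made, so `include:` targets are only checked for presence.

```python
import ipaddress

# Constructed inputs: the example address and record quoted in the reply above.
DEVICE_IP = "123.45.67.89"
SPF_RECORD = "v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all"

def audit_spf(record, device_ip, required_include="_spf.google.com"):
    """Offline check of an SPF TXT string (hypothetical helper, no DNS lookups).

    Reports whether an ip4/ip6 mechanism authorizes device_ip, whether the
    required include: is still present, and which qualifier 'all' carries.
    """
    result = {"valid": False, "ip_authorized": False,
              "include_kept": False, "all_qualifier": None, "notes": []}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        result["notes"].append("record does not start with v=spf1")
        return result
    result["valid"] = True
    ip = ipaddress.ip_address(device_ip)
    ip_verdict = None  # qualifier of the first ip4/ip6 mechanism that matches
    for term in terms[1:]:
        qualifier = "+"  # SPF default when no qualifier is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                result["notes"].append(f"unparsable network: {value}")
                continue
            if ip_verdict is None and net.version == ip.version and ip in net:
                ip_verdict = qualifier
        elif name == "include" and value.lower().rstrip(".") == required_include:
            result["include_kept"] = True
        elif name == "all":
            result["all_qualifier"] = qualifier
            break  # SPF evaluation stops here; later terms never apply
    result["ip_authorized"] = ip_verdict == "+"
    if result["all_qualifier"] in (None, "+"):
        result["notes"].append("no restrictive 'all' term")
    return result

if __name__ == "__main__":
    print(audit_spf(SPF_RECORD, DEVICE_IP))
```
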