I would like to know if I have only using IKEV2 to connect site to site VPN with Cisco 5505 device to connect few site. Which encryption method is better to choose with faster and stable IPsec encryption proposal
AES256, AES192, AES, 3DES, DES ?? which one is the best in IKEV2 site to site VPN tunnel?
Solved! Go to Solution.
You shouldn't use DES any more, nowaday it is not far away from cleartext.
3DES won't be broken in the next time, but it's an outdated algorithm.
AES with all three bitlengths are fine. And they are all recommended on http://www.keylength.com/.
But instead of using AES256 I prefer AES128. Bruce Schneier once wrote in his blog that he assumes that the "security-margin" in AES128 will be higher because of weaknesses that are only present in AES256.
Sent from Cisco Technical Support iPad App
AES with 128 bit key is presented as just AES in the IPSEC Proposal. So you can choose just AES.
Here is the command for your reference: