IPsec encryption proposal

Dear Cisco

I am only using IKEv2 for site-to-site VPNs, with Cisco 5505 devices connecting a few sites. I would like to know which encryption method is the better choice for a faster and more stable IPsec encryption proposal.

AES256, AES192, AES, 3DES, DES? Which one is the best in an IKEv2 site-to-site VPN tunnel?

Best regards

Alan

Accepted Solutions
Cisco Employee

IPsec encryption proposal

AES is faster than the DES algorithm, so I would rule out both DES and 3DES.

If you would like the most secure of the AES options, then please use AES256.

4 REPLIES
VIP Mentor

Re: IPsec encryption proposal

You shouldn't use DES any more; nowadays it is not far away from cleartext.
3DES won't be broken in the near future, but it's an outdated algorithm.

AES with any of the three bit lengths is fine. And they are all recommended on http://www.keylength.com/.

But instead of using AES256 I prefer AES128. Bruce Schneier once wrote in his blog that he assumes that the "security-margin" in AES128 will be higher because of weaknesses that are only present in AES256.



Beginner

Re: IPsec encryption proposal

Dear Karsten

There is no option to select AES128 in the IPsec proposal.  Can I use AES192 instead?

Best regards

Alan.

Cisco Employee

IPsec encryption proposal

AES with a 128-bit key is presented as just AES in the IPsec proposal. So you can choose just AES.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa91/command/reference/e.html#wp2028135
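
The following is an added example, not part of the original thread or of Cisco's documentation: a small Python check that reads an ASA configuration excerpt, maps each encryption keyword in IKEv2 policies and IPsec proposals to its cipher and key length (plain `aes` being the 128-bit variant, as the last reply explains), and flags DES and 3DES. The sample configuration and its proposal names are constructed; keywords outside the five discussed in the thread are reported as unknown.

```python
import re

# ASA encryption keywords -> (cipher, key bits); plain "aes" means a 128-bit key.
CIPHERS = {"des": ("DES", 56), "3des": ("3DES", 168), "aes": ("AES", 128),
           "aes-192": ("AES", 192), "aes-256": ("AES", 256)}
WEAK = {"des", "3des"}  # the ciphers the replies above rule out

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal SITE-A
 protocol esp encryption aes-256 aes
 protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal LEGACY
 protocol esp encryption aes 3des des
 protocol esp integrity sha-1
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
"""

HEADER = re.compile(r"^crypto (?:ipsec ikev2 ipsec-proposal|ikev2 policy) (\S+)\s*$")
ENCRYPTION = re.compile(r"^\s+(?:protocol esp )?encryption (.+)$")

def audit(config):
    """Return {section name: [(keyword, cipher, key bits, is_weak), ...]}."""
    results, current = {}, None
    for line in config.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            results[current] = []
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the section
        elif current is not None:
            enc = ENCRYPTION.match(line)
            for kw in (enc.group(1).split() if enc else []):
                name, bits = CIPHERS.get(kw, ("unknown", 0))
                results[current].append((kw, name, bits, kw in WEAK))
    return results

if __name__ == "__main__":
    for section, ciphers in audit(SAMPLE_CONFIG).items():
        for kw, name, bits, weak in ciphers:
            print(f"{section:8} {kw:8} {name}-{bits} {'WEAK' if weak else 'ok'}")
```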