05-28-2010 01:55 PM
I have multiple VPNs running between some ASA5505s and a 5510. Here are the current encryption settings:
crypto ipsec transform-set myvpnset esp-3des esp-md5-hmac
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
I'd like to make the security stronger on these VPNs, without having any noticeable impact on performance. I was considering changing to the following (changes in red text):
crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.
Does this look like a reasonable path for me to take? Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?) Are there any downsides to enabling PFS?
Thank you.
Solved! Go to Solution.
05-29-2010 12:55 AM
RHITCHCOCK wrote:
crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.
Does this look like a reasonable path for me to take? Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?) Are there any downsides to enabling PFS?
Thank you.
Hi,
Cisco recomends in training material to use DH-5 for AES-variants, DH-2 for 3DES and DH-1 for DES
DH-5 is a good choice for AES (any variant), it is stronger than DH-2. Use it on Phase 1. Verify hardware acceleration with
show crypto accelerator statistics
Using AES and DH-5 for Phase 1 would also be an improvement.
Pfs will run independent DH-negotiations for each key, resulting in a higher load. The accelerator should handle that if you don't have a very high rate of connections (or better SA-negotiations) per minute.
If you run pfs, make shure that the DH-group matches the encryption strength: DH-5 would be recommended for AES.
Best regards,
MiKa
05-28-2010 01:57 PM
Hi,
Since these are ASAs you should not notice any impact on the performance (encryption is done in hardware).
I'll suggest enabling AES-256 on phase 1 and phase 2 and also SHA on both.
Enabling PFS is enabling a D-H group on phase 2 for more security.
Go for it :-)
Federico.
05-28-2010 02:16 PM
I've read all kinds of conflicting things online about AES-128 vs AES-256. Some people are even claiming that theoretically
AES-256 is LESS secure than AES-128, or that AES-256 is not substantially more secure than AES-128. Any thoughts on that?
05-28-2010 02:26 PM
Must be something I'm not aware of.
AES is not unbreakable, but I've not heard of such problems....
Let's see if somebody else jumps in...
Federico.
05-29-2010 12:35 AM
RHITCHCOCK wrote:
I've read all kinds of conflicting things online about AES-128 vs AES-256. Some people are even claiming that theoretically
AES-256 is LESS secure than AES-128, or that AES-256 is not substantially more secure than AES-128. Any thoughts on that?
Good article on AES security from Bruce Schneier:
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
There have been some papers on breaking AES especially an attack on AES-256:
Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the papers are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same.
This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating. It is a completely practical attack against ten-round AES-256:
There are three reasons not to panic:
The most accurate answer would probably what Bruce Schneier stated:
And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the forseeable future. But if you're already using AES-256, there's no reason to change.
Hope that helps on AES 128/256. AES-128 is robust enough for industrial applications and AES-256 has still enough security margin against the latest attack.
05-29-2010 12:55 AM
RHITCHCOCK wrote:
crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.
Does this look like a reasonable path for me to take? Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?) Are there any downsides to enabling PFS?
Thank you.
Hi,
Cisco recomends in training material to use DH-5 for AES-variants, DH-2 for 3DES and DH-1 for DES
DH-5 is a good choice for AES (any variant), it is stronger than DH-2. Use it on Phase 1. Verify hardware acceleration with
show crypto accelerator statistics
Using AES and DH-5 for Phase 1 would also be an improvement.
Pfs will run independent DH-negotiations for each key, resulting in a higher load. The accelerator should handle that if you don't have a very high rate of connections (or better SA-negotiations) per minute.
If you run pfs, make shure that the DH-group matches the encryption strength: DH-5 would be recommended for AES.
Best regards,
MiKa
06-02-2010 02:08 PM
Thanks for your help, both of you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide