01-30-2007 11:05 AM
I have a client ( a Dr. Office) that is connection to their Main Site remotely using the Cisco VPN client on a workstation. The Main office has a PIX 501 that receives the VPN connection successfully when the VPN client is launched from the remote site.
While the tunnel is up and working, it does take an exhorbitant amount of time to get apps to work thru it.
Is there a way to tell the Cisco VPN client how to use DES vs. Triple DES?? I have 3DES configured on the PIX and I do know how to change it there.
I just dont see anywhere in the VPN client that would allow me to change to DES....
Is there any other recommendations for getting more performance thru the tunnel??
Thanks
01-30-2007 11:41 AM
The client gets the encryption from the PIX. Your ISAKMP policies dictate what will be used by the policy number. Here's an example-
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
The VPN client will try and use policy 10 before policy 30. If the client is not compatible with 10, it will go down the list to 30 and try that one.
HTH and please rate.
01-30-2007 01:05 PM
I would bet your issue has less to do with encrytion type, and more to do with either bandwidth or fragmentation.
01-30-2007 02:09 PM
DES or 3DES gets ditacted by the headend device and there is no setting on the VPN client to say which encryption standard to use.
With regard to your problem, have you tried simple ping tests with packet sizes ranges from 1100 to 1400 for a particular applications server that you are trying to access.
See where it fails. Set the MTU to that packet size and let me know the results.
Thanks
Gilbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide