GDOI GETVPN and different policies

AK59
Level 1

Dear all,

I'm actually deploying new routers to my GDOI Infrastructure.

The actual infrastructure is using 3DES as Phase 1 encryption algorithm.

I would like to use AES encryption algorithm for the new routers as it's more secure.

The Key Server can handle AES encryption but not the actual Group Members routers.

My question is to know if my new router would be able to communicate with the actual GM routers.

Thanks in advance,

3 Replies

Hi,
All GM routers will need to be configured with the same algorithms, even though the KS supports AES it will also support 3DES, you'll just need to define what to use.


What hardware are you running? I'd be surprised if the old hardware did not support AES.

HTH

I don't think I've been understood clearly.

My question was to know if it was possible to have a KS using AES for some GMs and 3DES for others.

As a matter of fact, I actually have old Cisco 2901 with ISM VPN module added.

The algorithms in use should be kept the same across all devices.

There is no reason why a 2900 series router cannot do AES, I am pretty sure it can even do the latest Suite B algorithms.