12-15-2012 06:07 PM - edited 02-21-2020 06:33 PM
Dear Cisco
I am using only IKEv2 for site-to-site VPN, with Cisco 5505 devices connecting a few sites. I would like to know which encryption method is the better choice for a faster and stable IPsec encryption proposal.
AES256, AES192, AES, 3DES, DES? Which one is the best in an IKEv2 site-to-site VPN tunnel?
Best regards
Alan
12-16-2012 01:20 AM
AES is faster than the DES algorithm, so I would rule out both DES and 3DES.
If you would like the most secure of the AES options, then please use AES256.
12-17-2012 12:12 PM
You shouldn't use DES any more; nowadays it is not far away from cleartext.
3DES won't be broken in the near future, but it's an outdated algorithm.
AES with all three bit lengths is fine, and they are all recommended on http://www.keylength.com/.
But instead of using AES256 I prefer AES128. Bruce Schneier once wrote in his blog that he assumes that the "security-margin" in AES128 will be higher because of weaknesses that are only present in AES256.
12-17-2012 06:09 PM
Dear Karsten
There is no option to select AES128 in the IPsec proposal. Can I use AES192 instead?
Best regards
Alan.
12-17-2012 09:04 PM
AES with a 128-bit key is presented as just AES in the IPsec proposal, so you can choose just AES.
Here is the command for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa91/command/reference/e.html#wp2028135
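The keyword-to-key-length mapping discussed in this thread, as an added example that is not part of the original posts or Cisco's own code: a small Python audit that reads ASA `crypto ipsec ikev2 ipsec-proposal` blocks, resolves the bare `aes` keyword to a 128-bit key, and flags DES and 3DES. The function name, the proposal names and the sample configuration are constructed for illustration, and only the five ciphers named in the thread are handled.

```python
import re

# ASA keyword -> (cipher, key bits). Bare "aes" means a 128-bit key.
ESP_CIPHERS = {
    "des": ("DES", 56),
    "3des": ("3DES", 168),
    "aes": ("AES", 128),
    "aes-192": ("AES", 192),
    "aes-256": ("AES", 256),
}
DEPRECATED = {"des", "3des"}  # the ciphers the thread advises against

PROPOSAL_RE = re.compile(r"^crypto ipsec ikev2 ipsec-proposal (\S+)\s*$")
ENCRYPTION_RE = re.compile(r"^\s+protocol esp encryption (.+)$")


def audit_proposals(config_text):
    """Return {proposal: [(keyword, cipher, key_bits, deprecated), ...]}."""
    results, current = {}, None
    for line in config_text.splitlines():
        m, enc = PROPOSAL_RE.match(line), ENCRYPTION_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = []
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the block
        elif enc and current is not None:
            for kw in enc.group(1).split():
                if kw in ESP_CIPHERS:
                    cipher, bits = ESP_CIPHERS[kw]
                    results[current].append((kw, cipher, bits, kw in DEPRECATED))
    return results


# Constructed sample configuration (proposal names are made up).
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal SITE-A
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal LEGACY
 protocol esp encryption aes-256 3des des
 protocol esp integrity sha-1
"""

if __name__ == "__main__":
    for name, entries in audit_proposals(SAMPLE_CONFIG).items():
        for kw, cipher, bits, bad in entries:
            print(f"{name}: {kw!r} = {cipher} {bits}-bit [{'REPLACE' if bad else 'ok'}]")
```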