cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
899
Views
5
Helpful
2
Replies

IPSec Phase 1 and Phase 2

Ibrahim Jamil
Level 6
Level 6

Hello Guys

 

does the below works , i mean are they compatible phase 1 and phase 2 or i should lower it in phase 2

 

 

crypto isakamp policy 10

enc 3des

authentication pre-share

group 2

 

!

 

crypto ipsec transform-set T esp-aes esp-sha-hmac

mode tunnel

 

 

2 Replies 2

Bogdan Nita
VIP Alumni
VIP Alumni

IPSec pahse 1 and phase 2 settings to not need to be compatible.

So any combination of phase 1 and phase 2 would work as long as the vpn peer has the same settings.

They are basically different tunnels, the phase 1 tunnel is only being used to exchange the symmetric key for the phase 2 tunnel.

If you are planning to use the settings on production I would advise to use a better encryption and DH group than 3des and group 2.

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

 

HTH

Bogdan 

Hello Bogdna

 

thanks for ur time to answer my thread

 

i m using low encryption in order to stress less the CPU of my 2800 router

 

thanks