Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
901
Views
5
Helpful
2
Replies

IPSec Phase 1 and Phase 2

Ibrahim Jamil
Level 6
Level 6

‎02-06-2018 12:48 AM - edited ‎03-12-2019 04:59 AM

Hello Guys

 

does the below works , i mean are they compatible phase 1 and phase 2 or i should lower it in phase 2

 

 

crypto isakamp policy 10

enc 3des

authentication pre-share

group 2

 

!

 

crypto ipsec transform-set T esp-aes esp-sha-hmac

mode tunnel

 

 

Labels:
0 Helpful
2 Replies 2

Bogdan Nita
VIP Alumni
VIP Alumni

‎02-06-2018 02:22 AM

IPSec pahse 1 and phase 2 settings to not need to be compatible.

So any combination of phase 1 and phase 2 would work as long as the vpn peer has the same settings.

They are basically different tunnels, the phase 1 tunnel is only being used to exchange the symmetric key for the phase 2 tunnel.

If you are planning to use the settings on production I would advise to use a better encryption and DH group than 3des and group 2.

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

 

HTH

Bogdan 

Ibrahim Jamil
Level 6
Level 6
In response to Bogdan Nita

‎02-06-2018 02:45 AM

Hello Bogdna

 

thanks for ur time to answer my thread

 

i m using low encryption in order to stress less the CPU of my 2800 router

 

thanks

0 Helpful
Customers Also Viewed These Support Documents