02-06-2018 12:48 AM - edited 03-12-2019 04:59 AM
Hello Guys
does the below works , i mean are they compatible phase 1 and phase 2 or i should lower it in phase 2
crypto isakamp policy 10
enc 3des
authentication pre-share
group 2
!
crypto ipsec transform-set T esp-aes esp-sha-hmac
mode tunnel
02-06-2018 02:22 AM
IPSec pahse 1 and phase 2 settings to not need to be compatible.
So any combination of phase 1 and phase 2 would work as long as the vpn peer has the same settings.
They are basically different tunnels, the phase 1 tunnel is only being used to exchange the symmetric key for the phase 2 tunnel.
If you are planning to use the settings on production I would advise to use a better encryption and DH group than 3des and group 2.
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
HTH
Bogdan
02-06-2018 02:45 AM
Hello Bogdna
thanks for ur time to answer my thread
i m using low encryption in order to stress less the CPU of my 2800 router
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide