LAN to LAN IPsec Encryption

bmurray
Level 1

Is there a best practices document on LAN-to-LAN encryption configuration for phase 1 and phase 2?

Using ASA 8.2 and 9.1

3 Replies

Andrew Phirsov
Level 7

What about the config guides on cisco.com for the corresponding ASA OS versions? I think it's all explained there: which algorithms have what kind of performance impact, which one is faster or slower, and all that in comparison.

Hardik Vaidh
Level 1

Dear bmurray

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
! Instead of XXX, write whatever key you want, but make sure both sides match.
crypto isakmp key XXX address (peer ip)

crypto ipsec transform-set 192.168.1.1 esp-3des esp-md5-hmac

Daniel Leonard
Level 1

Maybe this post will be helpful: https://supportforums.cisco.com/message/3813984#3813984

I've asked about VPN encryption and did some research. To my way of thinking, go for IKEv2 and AES-256 encryption in both phases. Use DH-group 14 or 24, and pfs 5. I think this will be the best option available for all ASA series from release 9 (when considering hardware limitations).

Please mark answered for helpful posts.
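
Added example, not part of any reply in this thread: a Python check that reads ASA phase 1 policy blocks and phase 2 transform-set lines and reports algorithms widely treated as deprecated. The function name, the weak-algorithm sets and the second sample config are assumptions of this example; the first sample is the configuration posted in the second reply.

```python
import re

# Assumption of this example: DES, 3DES, MD5 and DH groups 1 and 2 are reported
# as weak (all widely deprecated); adjust the sets to local policy.
WEAK_ALGS = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_DH = {"1", "2"}

def audit_asa_crypto(config):
    """Return (line_no, scope, weak_value) for each weak phase 1/2 setting."""
    findings, scope = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split("//")[0].split()   # drop forum-style trailing notes
        if not words or words[0].startswith("!"):
            continue                         # blank line or ASA comment line
        if words[0] == "crypto":
            scope = None                     # any global command ends a block
            m = re.match(r"crypto (isakmp|ikev1|ikev2) policy (\d+)$",
                         " ".join(words))
            if m:                            # phase 1 policy block starts
                scope = f"phase 1 policy {m.group(2)}"
            elif "transform-set" in words[:4]:   # phase 2 definition line
                i = words.index("transform-set")
                for t in words[i + 2:]:      # words[i + 1] is the set's name
                    if t in WEAK_ALGS:
                        findings.append((no, f"phase 2 set {words[i + 1]}", t))
        elif scope and len(words) > 1:
            key, vals = words[0], words[1:]
            if key.startswith("encr") or key in ("hash", "integrity"):
                findings += [(no, scope, v) for v in vals if v in WEAK_ALGS]
            elif key == "group":
                findings += [(no, scope, "group " + v) for v in vals if v in WEAK_DH]
    return findings

# Config from the second reply above (blank line dropped, trailing note omitted).
POSTED = """crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXX address (peer ip)
crypto ipsec transform-set 192.168.1.1 esp-3des esp-md5-hmac
"""

# Constructed sample following the third reply (IKEv2, AES-256, DH group 14).
SUGGESTED = """crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
"""

if __name__ == "__main__":
    print(audit_asa_crypto(POSTED), audit_asa_crypto(SUGGESTED))
```

Lines that only reference a transform set from a crypto map are ignored; only the definition lines are checked.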
