12-06-2019 12:13 AM - edited 02-21-2020 09:48 PM
Hi all
Does Cisco have a good document which gives recommendations on which standards are today the best practice in terms of security for IPSec VPNs? Everybody knows that DES and 3DES should no longer be used, and DH1-5 are also considered insecure, but what is unclear to me, for example, is SHA1. If there is a good link to what Cisco recommends when setting up a new IPSec VPN, that would be appreciated.
Thanks a lot
Markus
12-06-2019 12:59 AM
Hi,
Yes, DES/3DES/SHA1 algorithms are considered legacy and should be avoided. This Cisco doc covers which algorithms are considered the acceptable minimum and also which algorithms are Next Generation Encryption.
HTH
12-06-2019 01:32 AM
Hi RJI
Thanks a lot for your input here. Yes, this document gives the answers. I found it as well, but was then not sure if this is still the latest guideline, as the time stamp at the end is from October 2015 and therefore more than 4 years old. From my point of view, a bit old for these recommendations?
Thank you
Markus
12-06-2019 01:44 AM
Hi,
This Cisco post is newer and recommends which IKEv2 algorithms to use from a security and performance perspective. This post in fact references the first NGE guide I linked to, as it's still relevant.
HTH
12-06-2019 01:53 AM