Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
0
Helpful
4
Replies

Recommended IPSec standards?

Go to solution
markus.albisser1
Level 1
Level 1

‎12-06-2019 12:13 AM - edited ‎02-21-2020 09:48 PM

Hi all

 

Does Cisco has a good document which gives the recommendations to which standards are today the best practice in terms of security, for IPSec VPNs? Everybody know that DES and 3DES no longer should be used, also DH1-5 are considered as insecure, but unclear for example is for me about SHA1? If there is a good link to what Cisco recommends if setup a new IPSec VPN that would be appreciated.

 

Thanks a lot

Markus

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to markus.albisser1

‎12-06-2019 01:44 AM

Hi,

This cisco post is newer and recommends which IKEv2 algorithms to use from a security and performance perspective. This post in fact references the first NGE guide I linked to, as it's still relevant.

 

HTH

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎12-06-2019 12:59 AM

Hi,

Yes DES/3DES/SHA1 algorthims are considered legacy and should be avoided. This Cisco doc covers which algorithms are considered acceptable minimum and also which algorithms are Next Generation Encryption.

 

HTH

0 Helpful

Go to solution
markus.albisser1
Level 1
Level 1
In response to Rob Ingram

‎12-06-2019 01:32 AM

Hi RJI

 

Thanks a lot for your input here. Yes, this document gives the answers, I found it as well but was then not sure if this is still the latest guideline as the time stamp at the end is from October 2015, therefore more than 4 years old. From my point of view a bit old for these recommendations?

 

Thank you

Markus

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to markus.albisser1

‎12-06-2019 01:44 AM

Hi,

This cisco post is newer and recommends which IKEv2 algorithms to use from a security and performance perspective. This post in fact references the first NGE guide I linked to, as it's still relevant.

 

HTH

0 Helpful

Go to solution
markus.albisser1
Level 1
Level 1
In response to Rob Ingram

‎12-06-2019 01:53 AM

Thanks a lot, this helped. Have a good weekend
Markus
0 Helpful
Customers Also Viewed These Support Documents