vpn with aes

eppiet
Level 1

The PIX user guide 6.3 said that AES needs DH group 5. The Cisco VPN client documentation for VPN client 4.03 has an example showing DH with group 2.

I tried both and it only seems to work with group 2.

Has anyone had any success with group 5?

Thanks

Eppie

1 Reply

gfullage
Cisco Employee

If you're using pre-shared keys (which is a standard group name and password in VPN3000 land), then the VPN client will use AES with DH Group 2. If you're using certificates, then it will use DH Group 5 with AES.

The admin guide here (http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/admin_gd/vcach6.htm#1157757) details all the IKE policies that the VPN client has; you can see that with pre-shared keys, AES is only negotiated with DH2.