cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
983
Views
0
Helpful
3
Replies

What strength of DH Group, Encryption and Authentication Hash do you use?

Hi guys,

Just want to survey a little to understand what people use and prefer.

  • What DH Group do you use or think is sufficient?
  • What Encryption Type & bits do you use?
  • What Hash Type & bits do you use?
  • Do you use the same settings for Phase 2?
  • Do you use PFS DH Group for Phase 2?

 

To make things neater, you can answer in the following format:

Phase 1 ISAKMP Policy

  • DH Group 5
  • AES 128
  • SHA 384

Phase 2 IPsec Policy

  • No PFS 
  • AES 256
  • SHA 256

 

 

 

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Andrew, 

Cisco's perspective on what customer's should be running at minimum.

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#16

M.

View solution in original post

3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Andrew, 

Cisco's perspective on what customer's should be running at minimum.

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#16

M.

Hi Marcin,

Thanks. That's very useful.

But does this apply to both phases?

And should phase 2 use PFS DH?

Andrew, 

That applies to all, you should take into consideration whether your platform can support certain features in hardware, especially when thinking about scaling. 

M.