Solved: What strength of DH Group, Encryption and Authentication Hash do you use?

Andrew Xue Zheng Lay · ‎04-15-2015

Hi guys,

Just want to survey a little to understand what people use and prefer.

What DH Group do you use or think is sufficient?
What Encryption Type & bits do you use?
What Hash Type & bits do you use?
Do you use the same settings for Phase 2?
Do you use PFS DH Group for Phase 2?

To make things neater, you can answer in the following format:

Phase 1 ISAKMP Policy

DH Group 5
AES 128
SHA 384

Phase 2 IPsec Policy

No PFS
AES 256
SHA 256

Marcin Latosiewicz · ‎04-15-2015

Andrew,

Cisco's perspective on what customer's should be running at minimum.

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#16

M.

View solution in original post

Marcin Latosiewicz · ‎04-15-2015

Andrew,

Cisco's perspective on what customer's should be running at minimum.

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#16

M.

Andrew Xue Zheng Lay · ‎04-16-2015

Hi Marcin,

Thanks. That's very useful.

But does this apply to both phases?

And should phase 2 use PFS DH?

Marcin Latosiewicz · ‎04-16-2015

Andrew,

That applies to all, you should take into consideration whether your platform can support certain features in hardware, especially when thinking about scaling.

M.