Hi, sorry this is newish to me and a little unclear, so I hope you can help me understand rather than a link :)
I have a few VPN's connected to my Cisco Concentrator, these remote sites use Cisco 877's on DSL lines. They all use this config example (below) for it's VPN, but I believe moving from 3DES/MD5 to AES-256/SHA is better as it's more secure and sometimes quicker?
crypto isakmp policy 1
crypto isakmp key jgC:Gds&85h%1a address 220.127.116.11
crypto ipsec transform-set MY_T_Set esp-3des esp-md5-hmac
crypto map MY_Crypto_Map 10 ipsec-isakmp
set peer 18.104.22.168
set transform-set MY_T_Set
match address 101
So the questions I have are:
1.) What parts of the above config do I need to change to make it more secure using the AES-256/SHA?
2.) Which part is the encryption and which part is the authentication? I take this is phase 1 and 2?
I'm trying to relate it to the concentrators settings as it uses 3 parts relating to the above config:
Authentication = ESP/MD5/HMAC-128
Encryption = 3DES-168
IKE Proposal = IKE-3DES-MD5
Thanks in advance for clearing this up for me.