Should I use DH Group 5 with AES-256/SHA?

Feb 19th, 2008

Hi, when I try to create a VPN on my Cisco ASA it says I should use DH Group 5. I normally use 2; is this more secure or faster?

JORGE RODRIGUEZ Tue, 02/19/2008 - 09:21

From what I understand, Group 5 is the default choice when using the AES encryption algorithm, and yes, it provides more security than Group 1 and Group 2. I don't have a link, but I read a while back that G5 is mostly chosen when implementing L2L connections or VPN clients using certificates. If this is an L2L connection you are working on, make sure the other end is also set as such.



whiteford Wed, 02/20/2008 - 07:00

Thanks Jorge,

I can't get DH5 to work, but you say it's using certs, which I don't have. DH2 works fine though.

I set the Cisco 877 router's IKE proposal to use AES-256/SHA and it uses AES-128 instead, although the IPsec tunnel uses AES-256/SHA. Could there be a reason for this?
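
An added illustration, not part of the posts above: IKE phase 1 only completes when both peers hold a policy with the same encryption, hash, DH group and authentication method, so the ASA and the 877 need matching entries. The policy number, the lifetime and the use of pre-shared-key authentication are assumptions.

```cisco
! Constructed example. Assumes pre-shared-key authentication (no certificates).
! Policy number 10 and lifetime 86400 are illustrative values.

! --- Cisco ASA (7.2/8.0-era syntax; later releases use "crypto ikev1 policy") ---
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

! --- Cisco 877 router (IOS) ---
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400

! --- Check what was actually negotiated, on either device ---
! show crypto isakmp sa detail     (phase 1 parameters in use)
! show crypto ipsec sa             (phase 2 transform in use)
```

Lower-numbered policies are preferred, so an older entry with AES-128 or group 2 at a lower number can still be the one that matches.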

