02-19-2008 06:45 AM - edited 03-03-2019 08:46 PM
Hi, when I try to create a VPN on my Cisco ASA it says I should use DH Group 5. I normally use 2; is this more secure or faster?
02-19-2008 09:21 AM
From what I understand, Group 5 is the default choice when using the AES encryption algorithm, and yes, it provides more security than Group 1 and Group 2. I don't have a link, but I read a while back that G5 is mostly chosen when implementing L2L connections or VPN clients using certificates. If this is an L2L connection you are working on, make sure the other end is also set as such.
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtgroup5.html
Rgds
Jorge
02-20-2008 07:00 AM
Thanks Jorge,
I can't get DH5 to work, but you say it's using certs, which I don't have. DH2 works fine though.
I set the Cisco 877 router's IKE proposal to use AES-256/SHA and it uses AES-128 instead, although the IPsec tunnel uses AES-256/SHA. Could there be a reason for this?
03-01-2008 07:01 PM
Hi,
Can you post your config?
Regards,
Dandy