
Should I use DH Group 5 with AES-256/SHA?

whiteford
Level 1

Hi, when I try to create a VPN on my Cisco ASA it says I should use DH Group 5. I normally use 2; is this more secure or faster?

3 Replies

JORGE RODRIGUEZ
Level 10

From what I understand, Group 5 is the default choice when using the AES encryption algorithm, and yes, it provides more security than Group 1 and Group 2. I don't have a link, but I read a while back that G5 is mostly chosen when implementing L2L connections or VPN clients using certificates. If this is an L2L connection you are working on, make sure the other end is also set as such.

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtgroup5.html

Rgds

Jorge

Jorge Rodriguez

Thanks Jorge,

I can't get DH5 to work, but you say it's using certs which I don't have, DH2 works fine though.

I set the Cisco 877 router's IKE proposal to use AES-256/SHA and it uses AES-128 instead, although the IPsec tunnel uses AES-256/SHA. Could there be a reason for this?

Hi,

Can you post your config?

Regards,

Dandy
