
Should I use DH Group 5 with AES-256/SHA?

whiteford
Level 1

Hi, when I try to create a VPN on my Cisco ASA it says I should use DH Group 5. I normally use 2; is this more secure or faster?

3 Replies

JORGE RODRIGUEZ
Level 10

From what I understand, Group 5 is the default choice when using the AES encryption algorithm, and yes, it provides more security than group 1 and group 2. I don't have a link, but I read a while back that G5 is mostly chosen when implementing L2L connections or VPN clients using certificates. If this is an L2L connection you are working on, make sure the other end is also set as such.

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtgroup5.html

Rgds

Jorge

Jorge Rodriguez

Thanks Jorge,

I can't get DH5 to work, but you say it's using certs which I don't have, DH2 works fine though.

I set the Cisco 877 router's IKE proposal to use AES-256/SHA and it uses AES-128 instead, although the IPsec tunnel uses AES-256/SHA. Could there be a reason for this?

Hi,

Can you post your config?

Regards,

Dandy
