Hi, I have a site-to-site VPN using a Cisco 877 on a DSL line connected to our Cisco Concentrator. I have had it using 3DES/MD5 for the IKE proposal and IPsec session but want to move over to AES-256/SHA.
Anyway, I changed it over and the tunnel came up; however, for the IKE session it uses AES-128/SHA1 and not AES-256/SHA1.
This is what the Cisco Concentrator shows:
IKE Session
Session ID 1
Encryption Algorithm AES-128
Hashing Algorithm SHA-1
Diffie-Hellman Group Group 2 (1024-bit)
Authentication Mode Pre-Shared Keys
IKE Negotiation Mode Main
Rekey Time Interval 86400 seconds
IPSec Session
Session ID 2
Remote Address 172.19.2.0/0.0.0.255
Local Address 0.0.0.0/255.255.255.255
Encryption Algorithm AES-256
Hashing Algorithm SHA-1
Encapsulation Mode Tunnel
Rekey Time Interval 3600 seconds
Rekey Data Interval 4608000 KBytes
Bytes Received 148368
Bytes Transmitted 152480
What do you think? Why is it not using AES-256? AES-128 is in my IKE proposal list as activated and it's below AES-256, so it should use AES-256 first and if not try AES-128.
Thanks in advance for your help
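
An added example, not part of the original post: a small Python check that parses session details in the layout quoted above and reports where the negotiated algorithms differ from the intended AES-256/SHA policy. The field labels and sample lines are copied from the post; the `POLICY` table and function names are assumptions made for this illustration.

```python
# Field labels exactly as they appear in the concentrator output quoted in the post.
FIELDS = ["Session ID", "Encryption Algorithm", "Hashing Algorithm",
          "Diffie-Hellman Group", "Authentication Mode", "IKE Negotiation Mode",
          "Encapsulation Mode", "Rekey Time Interval", "Rekey Data Interval"]
HEADERS = ("IKE Session", "IPSec Session")

# Intended policy (assumption based on the poster's stated goal of AES-256/SHA).
WANTED = {"Encryption Algorithm": "AES-256", "Hashing Algorithm": "SHA-1"}
POLICY = {"IKE Session": WANTED, "IPSec Session": WANTED}

# Sample input: a subset of the lines shown in the post.
SAMPLE = """IKE Session
Session ID 1
Encryption Algorithm AES-128
Hashing Algorithm SHA-1
Diffie-Hellman Group Group 2 (1024-bit)
IKE Negotiation Mode Main
IPSec Session
Session ID 2
Encryption Algorithm AES-256
Hashing Algorithm SHA-1
Encapsulation Mode Tunnel
"""

def parse_sessions(text):
    """Split the label/value lines into one dict per session header."""
    sessions, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in HEADERS:
            current = sessions.setdefault(line, {})
        elif current is not None:
            # Labels and values are both multi-word, so match on known labels.
            for label in FIELDS:
                if line.startswith(label + " "):
                    current[label] = line[len(label):].strip()
                    break
    return sessions

def policy_deviations(sessions, policy=POLICY):
    """Return (session, field, expected, actual) for every mismatch."""
    found = []
    for name, wanted in policy.items():
        got = sessions.get(name, {})
        for field, expected in wanted.items():
            actual = got.get(field, "missing")
            if actual != expected:
                found.append((name, field, expected, actual))
    return found

if __name__ == "__main__":
    for item in policy_deviations(parse_sessions(SAMPLE)):
        print("%s: %s expected %s, negotiated %s" % item)
```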