Security vs performance

Unanswered Question
Oct 6th, 2008

Hi


Apologies if this has been asked before but I couldn't see an answer when I searched.


I have a Cisco 3005 Concentrator with 64MB RAM. I am intending to use only Cisco VPN software and hardware clients with X.509 certificates. I have successfully tested IPSEC connections using the following configuration:


Authentication Mode: RSA Digital Certificates (XAUTH)

Authentication Algorithm: SHA/HMAC-160

Encryption Algorithm: AES-256

Diffie-Hellman Group: Group 5 (1536 bits)


Obviously this is good security-wise (could it be any stronger?); however, I wonder what the performance implications of using HMAC with SHA1 and AES-256 on the 3005 range are. I don't envisage us ever having more than about 50 concurrent tunnels, certainly no more than the 200 which are supposedly supported with 64MB RAM. I also intend to configure load balancing once I have upgraded our other 3005 to 64MB RAM.


Any advice you could give on recommended configuration for performance versus security would be gratefully received.


Thanks

Karl

sadbulali Mon, 10/13/2008 - 07:10

The configuration you have mentioned is a good one and it will be effective and strong. The Cisco VPN Client supports these IPSec attributes:

• Authentication Algorithms:

  ESP-MD5-HMAC-128

  ESP-SHA1-HMAC-160

• Authentication Modes:

  Preshared Keys

  X.509 Digital Certificates

