Security vs performance

karlrussell
Level 1

Hi

Apologies if this has been asked before but I couldn't see an answer when I searched.

I have a Cisco 3005 Concentrator with 64MB RAM. I am intending to use only Cisco VPN software and hardware clients with X.509 certificates. I have successfully tested IPSEC connections using the following configuration:

Authentication Mode: RSA Digital Certificates (XAUTH)

Authentication Algorithm: SHA/HMAC-160

Encryption Algorithm: AES-256

Diffie-Hellman Group: Group 5 (1536 bits)

Obviously this is good security-wise (could it be any stronger?), however I wonder what the performance implications are of using HMAC with SHA1 and AES-256 on the 3005 range? I don't envisage us ever having more than about 50 concurrent tunnels, certainly no more than the 200 which are supposedly supported with 64MB RAM. I also intend to configure load balancing once I have upgraded our other 3005 to 64MB RAM.

Any advice you could give on recommended configuration for performance versus security would be gratefully received.

Thanks

Karl

1 Reply

sadbulali
Level 4

The configuration you have mentioned is a good one and it will be effective and strong. The Cisco VPN Client supports these IPSec attributes:

• Authentication Algorithms:
  - ESP-MD5-HMAC-128
  - ESP-SHA1-HMAC-160

• Authentication Modes:
  - Preshared Keys
  - X.509 Digital Certificates
