L2L Tunnel / Remote access Encryption choice

Answered Question
Apr 9th, 2010

Hi All,

When the ASA supports the encryptions below...

TEST-ASA(config-isakmp-policy)# encryption ?

crypto-isakmp-policy mode commands/options:

  3des        3des encryption
  aes          aes-128 encryption
  aes-192    aes-192 encryption
  aes-256    aes-256 encryption
  des           des encryption

Leaving DES aside, what is the recommended encryption in general for L2L / Remote access VPN configs (considering throughput and overhead)?

TIA

MS

Federico Coto F... Fri, 04/09/2010 - 14:07

Hi,

AES is the new standard and preferred method.

Its throughput is better than 3DES and it is more secure than both DES and 3DES.

In fact, DES is no longer recommended.

If you can use AES, go for it and choose the key size (that might have a performance impact).

Federico.

mvsheik123 Fri, 04/09/2010 - 14:12

Hi,

Thanks for the reply. So AES --> aes-128 is better than 3DES..? aes-192/256 is of more overhead?

Thanks

MS

Correct Answer
Federico Coto F... Fri, 04/09/2010 - 14:14

Yes.

The longer the encryption key, the more secure it is, but the more processing-demanding.

Federico.
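
Added example, not part of the original thread: a small Python audit that reads the ISAKMP policies from a saved ASA configuration and rates each `encryption` keyword along the lines of the answers above (DES not recommended, AES preferred over 3DES). The sample configuration is constructed, the function name `audit_isakmp` is hypothetical, and the parser assumes the nested `crypto isakmp policy N` layout with indented sub-commands.

```python
import re

# Keywords as listed by "encryption ?" in the question, with nominal key size in bits.
# Verdicts follow the thread: DES is no longer recommended, AES is preferred to 3DES.
ENCRYPTION = {
    "des": (56, "not recommended"),
    "3des": (168, "prefer AES"),
    "aes": (128, "ok"),
    "aes-192": (192, "ok"),
    "aes-256": (256, "ok"),
}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
crypto isakmp policy 30
 authentication pre-share
 encryption des
"""

def audit_isakmp(config):
    """Return [(priority, keyword, key_bits, verdict), ...] sorted by policy priority."""
    findings, priority = [], None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            priority = int(m.group(1))  # entering a policy block
            continue
        if not line.startswith(" "):
            priority = None  # any other top-level line ends the policy block
            continue
        m = re.match(r"\s+encryption (\S+)\s*$", line)
        if m and priority is not None:
            bits, verdict = ENCRYPTION.get(m.group(1), (None, "unknown keyword"))
            findings.append((priority, m.group(1), bits, verdict))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for prio, kw, bits, verdict in audit_isakmp(SAMPLE_CONFIG):
        print(f"policy {prio}: encryption {kw} ({bits}-bit key): {verdict}")
```
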
