L2L Tunnel / Remote access Encryption choice

Answered Question
Apr 9th, 2010

Hi All,


When the ASA supports the encryptions below...



TEST-ASA(config-isakmp-policy)# encryption ?


crypto-isakmp-policy mode commands/options:

  3des        3des encryption
  aes          aes-128 encryption
  aes-192    aes-192 encryption
  aes-256    aes-256 encryption
  des           des encryption


Leaving DES aside, what is the recommended encryption in general for L2L / Remote access VPN configs (considering throughput and overhead)?


TIA

MS

Federico Coto F... Fri, 04/09/2010 - 14:07

Hi,


AES is the new standard and preferred method.

Its throughput is better than 3DES and it is more secure than both DES and 3DES.


In fact, DES is no longer recommended.

If you can use AES, go for it and choose the key size (that might have a performance impact).


Federico.

mvsheik123 Fri, 04/09/2010 - 14:12

Hi,


Thanks for the reply. So AES --> aes-128 is better than 3DES..? aes-192/256 is of more overhead?


Thanks

MS

Correct Answer
Federico Coto F... Fri, 04/09/2010 - 14:14

Yes.


The longer the encryption key, the more secure it is, but the more processing-demanding.


Federico.
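
A configuration check that follows from the advice in this thread, added here as an example and not part of the original posts: it reads an ASA running config and reports which ISAKMP policies still use DES or 3DES instead of AES. It assumes policies appear as `crypto isakmp policy <priority>` blocks with indented sub-commands; the sample config and the verdict labels are constructed for illustration.

```python
import re

# Keywords from the ASA "encryption ?" help shown in the question.
# Verdict labels are this example's own, based on the replies in the thread.
VERDICT = {
    "des": "replace",      # thread: DES is no longer recommended
    "3des": "prefer-aes",  # thread: AES has better throughput and security
    "aes": "ok",           # aes-128
    "aes-192": "ok",
    "aes-256": "ok",
}
POLICY = re.compile(r"^crypto isakmp policy (\d+)\s*$")
ENCRYPTION = re.compile(r"^\s+encryption (\S+)\s*$")

def audit_isakmp(config_text):
    """Return {policy priority: (encryption keyword, verdict)}."""
    findings = {}
    current = None
    for line in config_text.splitlines():
        header = POLICY.match(line)
        if header:
            current = int(header.group(1))
            findings[current] = (None, "no-encryption-line")
        elif line[:1].strip():      # an unindented line ends the policy block
            current = None
        elif current is not None:
            enc = ENCRYPTION.match(line)
            if enc:
                keyword = enc.group(1)
                findings[current] = (keyword, VERDICT.get(keyword, "unknown"))
    return findings

# Constructed sample config (not taken from the thread).
SAMPLE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
crypto isakmp policy 30
 encryption des
"""

if __name__ == "__main__":
    for priority, (keyword, verdict) in sorted(audit_isakmp(SAMPLE).items()):
        print(f"policy {priority}: encryption {keyword} -> {verdict}")
```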
