04-09-2010 02:02 PM - edited 02-21-2020 04:35 PM
Hi All,
When the ASA suports below encryptions...
TEST-ASA(config-isakmp-policy)# encryption ?
crypto-isakmp-policy mode commands/options:
3des 3des encryption
aes aes-128 encryption
aes-192 aes-192 encryption
aes-256 aes-256 encryption
des des encryption
leaving DES, what is the recomended encryption in general for L2L / Remote access VPN configs (considering thruput and overhead).
TIA
MS
Solved! Go to Solution.
04-09-2010 02:14 PM
Yes.
The longest the encryption key the more secure it is, but more processing-demanding.
Federico.
04-09-2010 02:07 PM
Hi,
AES is the new standard and preferred method.
Its thrughout is better than 3DES and more secure than both DES and 3DES.
In fact, DES is no longer recommended.
If you can use AES go for it and chose the key size (that might have a performance impact).
Federico.
04-09-2010 02:12 PM
Hi ,
Thanks for the reply. So AES --> aes-128 is better than 3DES..? aes-192/256 is of more overhead?
Thanks
MS
04-09-2010 02:14 PM
Yes.
The longest the encryption key the more secure it is, but more processing-demanding.
Federico.
04-09-2010 02:15 PM
cool..thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: