cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
369
Views
0
Helpful
4
Replies

L2L Tunnel / Remote access Encryption choice

mvsheik123
Level 7
Level 7

Hi All,

When the ASA suports below encryptions...

TEST-ASA(config-isakmp-policy)# encryption ?

crypto-isakmp-policy mode commands/options:

  3des        3des encryption
  aes          aes-128 encryption
  aes-192    aes-192 encryption
  aes-256    aes-256 encryption
  des           des encryption

leaving DES, what is the recomended encryption in general for L2L / Remote access VPN configs (considering thruput and overhead).

TIA

MS

1 Accepted Solution

Accepted Solutions

Yes.

The longest the encryption key the more secure it is, but more processing-demanding.

Federico.

View solution in original post

4 Replies 4

Hi,

AES is the new standard and preferred method.

Its thrughout is better than 3DES and more secure than both DES and 3DES.

In fact, DES is no longer recommended.

If you can use AES go for it and chose the key size (that might have a performance impact).

Federico.

Hi ,

Thanks for the reply. So AES --> aes-128 is better than 3DES..? aes-192/256 is of more overhead?

Thanks

MS

Yes.

The longest the encryption key the more secure it is, but more processing-demanding.

Federico.

cool..thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: