ASA VPN Deffe-Helman Group Change

Unanswered Question
Jason Gervia Mon, 07/05/2010 - 06:24
User Badges:
  • Cisco Employee,

Diffie Hellman group 7 was meant for low powered PDAs/processors  and is less secure, not more (despite the higher number).  You should contact your account team or open a TAC case if you need an official answer as to why it was removed - but most modern processors can support groups, 1,2, or 5 (768,1024, and 1536 bits, respectively) vs group 7 (ECC/163bits)



This Discussion