Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

aes128 vs 3des


I have a vpn site to site configured with 2821 and 1721 routers.

Encryption is set to esp-3des esp-cha-hmac. I know that aes is better than 3des, is modern and built for this porpouse.. and faster than 3des.

First question:

Even aes(which I want to use 128) is less than 168 bit.. is stronger tan 3des?

Now, the lmds connected to stablish the vpn (4x4) is not full velocity because of the encryption, Can I use another HARD encrytion to improve the connection?

This line is about 450 KB/s to internet and to the vpn remote site 2xxKB/s

1721 has vpn module instaled

What can I do?

best regards

New Member

Re: aes128 vs 3des

The Advanced Encryption Standard (AES) feature adds support for the new encryption standard AES, with Cipher Block Chaining (CBC) mode, to IP Security (IPSec).AES is a privacy transform for IPSec and Internet Key Exchange (IKE) and has been developed to replace the Data Encryption Standard (DES). AES is designed to be more secure than DES: AES offers a larger key size, while ensuring that the only known approach to decrypt a message is for an intruder to try every possible key. AES has a variable key length-the algorithim can specify a 128-bit key (the default), a 192-bit key, or a 256-bit key.