I read this in a book, not sure how correct it is, just wondering if someone could advise.
The DH is used to protect the IPSec tunnel setup process. The DH tunnel is used to encrypt the IPSec negotiations that are required before the tunnel can come up. Several strengths of the DH are available, but most Cisco devices support only the two weakest types, called group 1 (768-bit enc) and group 2 (1024-bit enc). With the approval of the new AES encryption standard, the IETF is working on increasing DH to 8192 bits.
With regard to the last line, does this mean that VPN setup is possibly compromisable or totally secure? Is Cisco planning to support the AES encryption standard?
I also read this with regards to data IPSec encryption.
Cisco has indicated support for AES and has started integrating it into some products.
Again, does this mean that 3DES can be compromised? Any ideas on when the new standard will be available? I am just trying to identify any possible weaknesses.
Thank you for the reply. What about the PIX, any support for DH group 5 in the future?
I believe AES 256k data encryption is available for the VPN 3000s and, as you mention, on the routers 12.2(13)T. Any idea when this will be supported on the PIX? How secure is 3DES? Is it breakable?