Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

vpn with aes

Pix user guide 6.3 said that aes need DH group 5. The Cisco VPN client documentation for vpn client 4.03 has example showing DH with group 2.

I tried both and it only seem to work with group 2.

Has anyone get any success with group 5.

Thanks

Eppie

1 REPLY
Cisco Employee

Re: vpn with aes

If you're using pre-shared keys (which is a standard group name and password in VPN3000 land), then the VPN client will use AES with DH Group 2. If you're using certificate's then it will use DH Group 5 with AES.

The admin guide here (http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/admin_gd/vcach6.htm#1157757) details all the IKE policies that the VPN client has, you can see with pre-shared keys AES is only negotiated with DH2.

128
Views
0
Helpful
1
Replies
CreatePlease to create content