Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Diffie Hellman Groups

Diffie-Hellman (DH) allows two devices to establish a shared secret over an unsecure network. In terms of VPN it is used in the in IKE or Phase1 part of setting up the VPN tunnel.  

There are multiple Diffie-Hellman Groups that can be configured in an IKEv2 policy on a Cisco ASA running 9.1(3). In Nov 2016 ASA 9.6(x) is available and there are no new changes to the DH Groups.

 

Diffie-Hellman group 1  -  768 bit modulus  - AVOID
Diffie-Hellman group 2  - 1024 bit modulus  - AVOID
Diffie-Hellman group 5  - 1536 bit modulus  - AVOID
Diffie-Hellman group 14 - 2048 bit modulus – MINIMUM ACCEPTABLE
Diffie-Hellman group 19 - 256 bit elliptic curve – ACCEPTABLE
Diffie-Hellman group 20 - 384 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 21 - 521 bit elliptic curve – Next Generation Encryption
Diffie-Hellman group 24 - modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup – Next Generation Encryption

 

Algorithms marked as AVOID do not provide an adequate security level against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.

Next Generation Encryption (NGE) is expected to meet the security and scalability requirements of the next two decades.

If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 5, 14, 19, 20 or 24.    If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21 or 24.

 

 

This information has been compiled from:

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html

https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

 

 

Version history
Revision #:
1 of 1
Last update:
‎08-11-2014 11:27 AM
Updated by:
 
Labels (1)
Everyone's tags (3)
Comments
New Member
Please also note/check the security concerns vs the HADWARE supported/performance on the ASAs: Hardware and or Software only supported on single or multi-core platforms (check with the TAC)
 
http://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-appliance-asa-software/qa_c67-712934.html
Q. Is next generation encryption available on all ASA platforms?
A. No. Next Generation Encryption is fully supported on the ASA 5585-X, 5500-X Series, and 5580, as well as on the Catalyst 6500 Series ASA Services Module. It can only be partially supported on the ASA 5505, 5510, 5520, 5540, and 5550 due to hardware limitations. AnyConnect 3.1 or greater and an AnyConnect Premium License are also required to use next generation encryption for remote access connections.
 
New Member

the statement about using DH5 as "ok" if the enc is using 128bit key is not accurate. the enc doesnt matter, the issue is in DH5, it's too weak to protect keys regardless of key size, period. there are some Cisco documents out there suggesting that aes256 keys were too big for DH1/2/5 to protect properly, but that too is false. bottom line is, DH1/2/5 is the issue, not the enc algorithm.

New Member

Since DH5 is considered to weak. How would increase to a higher DH group with an IPsec tunnel that is already in production? Is there a newer IOS version that allows for higher DH?

New Member

What version of IOS are you using and on what platform ? 


Typically DH Keys are configured in the IKE proposal, see below.

 

!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-cbc-256
integrity sha512
group 24
!
New Member

Tim Glen,

This for a Cisco 5525 ASA: Software version 9.6(1).

crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2

New Member


This IKE change would need to take place on this ASA and the other end(s) of the tunnel.  Changing this would be disruptive so make these changes during a maintenance window. 

Changing integrity to sha512 strengthens the ESP integrity.

Right now with group 5 you have a 1536 bit DH key, this is considered weak.
Changing group to 24 will configure the ASA to use the strongest ECDH key possible.

!
crypto ikev2 policy 10
encryption aes-256
integrity sha512
group 24
!


After the tunnel comes back up you can verify that you are using a strong DH Key by running sho crypto isakmp sa and looking for 'Hash: SHA512, DH Grp:24'.

Hope this helps. Pleae rate helpful responses.

New Member

I appreciate the info on newer DH groups for ASA. I also find the following IBM document helpful:

IBM z/OS IPSec Documentation - quote from article follows

"Guideline: If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 5,14,19,20, or 24. If you are using encryption or authentication algorithms with a key length of 256 bits or greater, use Diffie-Hellman group 21."

This seems to match the ordering of DH groups when specified together in the same IKEv2 policy in an ASA config: group 21 20 19 24 14 5

Notice that it appears the ASA prefers DH Groups 21 through 19 over 24 - perhaps because they are more standard elliptic curve groups while group 24 is an exotic extension to older style "Modular exponentiation group?"

Based on this group ordering within ASA ikev2 policy it looks like the ASA may "do the right thing" and choose group 21 over 24 if they appear in the same policy "group" line? This also makes it appear that network engineers should consider eliminating group 24 from the device config completely if it is not a preferred Diffie Hellman group?

New Member

Yes Tim, this was very helpful. Thanks.

New Member

I have a question. what is the default DH group on site to site VPN ? As I checked on my ASDM it was 2 but I want to be sure.

New Member

According to the ASA documentation the default DH group is 2.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/gh.html

Please rate helpful posts.

New Member

What is meant by "partial support" on the ASA 5510? On a 5510 with OS version 9.1(6) it appears that groups 1, 2, and 5 are still the only diffie hellman groups available when looking at the IKEv2 policies through the ASDM. Or am I missing something?

New Member

ASDM only displays groups 1, 2, and 5 but you can use the newer DH groups by configuring the IKEv2 policies through the CLI.  Tim Glen posted the appropriate commands above, and they do work on ASA5510 running 9.1.7.  Not sure about previous versions of 9.1.