Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
1
Replies

RV220 configuration

Carl Hilton
Level 1
Level 1

‎01-19-2014 07:13 AM

I have two RV220's to form a VPN tunnel between offices.

My questions are

1) The default encryption is 3DES... Should I change this to something else.... PROs & CONs?

2) REMOTE LOGGING requires an SMTP.. No chance to SAVE FILES.. So, all my emails require SSL authentication for SMTP... I don't see how to do this in REMOTE LOGGING?

3) Should I enable a PFS KEY GROUP? If so, what does it give me?

Labels:
0 Helpful
1 Reply 1

Dan Miley
Level 3
Level 3

‎03-12-2014 12:24 PM

1- you can set the encryption to AES- <bitlength>  and while both are secure, the AES is a newer algo and supercedes DES, and longer bit length makes it take longer to brute force decrypt.  Think billion years instead of million years.  there is a little more overhead, but with just one site to site, it shouldn't load the router much.

 

2- you can do syslog on this device and send the messages to a syslog server. or if you are using google for your mail, they have an unencrypted smtp portal, instructions here... 

https://support.google.com/a/answer/176600?hl=en

If your device or application does not support SSL - connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example, if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record: v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

 

3- PFS is perfect forward secrecy, and allows the handshake to be slightly more secure (needs to be enabled on both sides), and prevents reuse of encryption keys.  http://en.wikipedia.org/wiki/Forward_secrecy

Dan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents