Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Beefing up Security on my L2L VPNs

I have multiple VPNs running between some ASA5505s and a 5510.  Here are the current encryption settings:

crypto ipsec transform-set myvpnset esp-3des esp-md5-hmac

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400

I'd like to make the security stronger on these VPNs, without having any noticeable impact on performance.  I was considering changing to the following (changes in red text):

crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.

Does this look like a reasonable path for me to take?  Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?)  Are there any downsides to enabling PFS?

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Beefing up Security on my L2L VPNs

RHITCHCOCK wrote:

crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.

Does this look like a reasonable path for me to take?  Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?)  Are there any downsides to enabling PFS?

Thank you.

Hi,

Cisco recomends in training material to use DH-5 for AES-variants, DH-2 for 3DES and DH-1 for DES

DH-5 is a good choice for AES (any variant), it is stronger than DH-2. Use it on Phase 1. Verify hardware acceleration with

show crypto accelerator statistics

Using AES and DH-5 for Phase 1 would also be an improvement.

Pfs will run independent DH-negotiations for each key, resulting in a higher load. The accelerator should handle that if you don't have a very high rate of connections (or better SA-negotiations) per minute.

If you run pfs, make shure that the DH-group matches the encryption strength: DH-5 would be recommended for AES.

Best regards,

MiKa

6 REPLIES

Re: Beefing up Security on my L2L VPNs

Hi,

Since these are ASAs you should not notice any impact on the performance (encryption is done in hardware).

I'll suggest enabling AES-256 on phase 1 and phase 2 and also SHA on both.

Enabling PFS is enabling a D-H group on phase 2 for more security.

Go for it :-)

Federico.

New Member

Re: Beefing up Security on my L2L VPNs

I've read all kinds of conflicting things online about AES-128 vs AES-256.  Some people are even claiming that theoretically

AES-256 is LESS secure than AES-128, or that AES-256 is not substantially more secure than AES-128.  Any thoughts on that?

Re: Beefing up Security on my L2L VPNs

Must be something I'm not aware of.

AES is not unbreakable, but I've not heard of such problems....

Let's see if somebody else jumps in...

Federico.

Bronze

Re: Beefing up Security on my L2L VPNs

RHITCHCOCK wrote:

I've read all kinds of conflicting things online about AES-128 vs AES-256.  Some people are even claiming that theoretically

AES-256 is LESS secure than AES-128, or that AES-256 is not substantially more secure than AES-128.  Any thoughts on that?

Good article on AES security from Bruce Schneier:

http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

There have been some papers on breaking AES especially an attack on AES-256:

Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the papers are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same.

This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating. It is a completely practical attack against ten-round AES-256:

There are three reasons not to panic:

  • The attack exploits the fact that the key schedule for 256-bit version is pretty lousy -- something we pointed out in our 2000 paper -- but doesn't extend to AES with a 128-bit key.
  • It's a related-key attack, which requires the cryptanalyst to have access to plaintexts encrypted with multiple keys that are related in a specific way.
  • The attack only breaks 11 rounds of AES-256.  Full AES-256 has 14 rounds.

The most accurate answer would probably what Bruce Schneier stated:

And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the forseeable future. But if you're already using AES-256, there's no reason to change.

Hope that helps on AES 128/256. AES-128 is robust enough for industrial applications and AES-256 has still enough security margin against the latest attack.

Bronze

Re: Beefing up Security on my L2L VPNs

RHITCHCOCK wrote:

crypto ipsec transform-set myvpnset esp-aes esp-sha-hmac

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

Additionally, I was considering enabling Perfect Forward Secrecy using Diffie-Hellman Group 2.

Does this look like a reasonable path for me to take?  Should I also move to AES for my isakmp policy (and then DH Group 5 instead of 2?)  Are there any downsides to enabling PFS?

Thank you.

Hi,

Cisco recomends in training material to use DH-5 for AES-variants, DH-2 for 3DES and DH-1 for DES

DH-5 is a good choice for AES (any variant), it is stronger than DH-2. Use it on Phase 1. Verify hardware acceleration with

show crypto accelerator statistics

Using AES and DH-5 for Phase 1 would also be an improvement.

Pfs will run independent DH-negotiations for each key, resulting in a higher load. The accelerator should handle that if you don't have a very high rate of connections (or better SA-negotiations) per minute.

If you run pfs, make shure that the DH-group matches the encryption strength: DH-5 would be recommended for AES.

Best regards,

MiKa

New Member

Re: Beefing up Security on my L2L VPNs

Thanks for your help, both of you!

274
Views
0
Helpful
6
Replies
CreatePlease to create content