Cisco Support Community
L2L Tunnel / Remote access Encryption choice

Hi All,

When the ASA supports the encryptions below...

TEST-ASA(config-isakmp-policy)# encryption ?

crypto-isakmp-policy mode commands/options:

  3des        3des encryption
  aes          aes-128 encryption
  aes-192    aes-192 encryption
  aes-256    aes-256 encryption
  des           des encryption

Leaving DES aside, what is the recommended encryption in general for L2L / Remote access VPN configs (considering throughput and overhead)?

TIA

MS


Re: L2L Tunnel / Remote access Encryption choice

Hi,

AES is the new standard and preferred method.

Its throughput is better than 3DES and it is more secure than both DES and 3DES.

In fact, DES is no longer recommended.

If you can use AES, go for it and choose the key size (that might have a performance impact).

Federico.
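
Added example, not part of the thread and not Cisco tooling: a small Python check that applies the advice above to a saved configuration, rating each ISAKMP policy by its `encryption` line. It assumes the `crypto isakmp policy <n>` / `encryption <alg>` layout behind the prompt shown in the question; the sample configuration, rating labels and function names are constructed for illustration.

```python
import re

# Ratings follow the reply above: AES preferred, 3DES slower and weaker
# than AES, DES no longer recommended. The labels are assumptions.
RATING = {"des": "reject", "3des": "legacy",
          "aes": "ok", "aes-192": "ok", "aes-256": "ok"}  # "aes" = aes-128
POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
ENC_RE = re.compile(r"^\s+encryption (\S+)\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
crypto isakmp policy 10
 encryption aes-256
crypto isakmp policy 20
 encryption 3des
crypto isakmp policy 30
 encryption des
crypto isakmp policy 40
"""


def audit_isakmp(config_text):
    """Return [(priority, algorithm, rating)] sorted by policy priority."""
    policies = {}
    current = None
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = int(m.group(1))
            policies.setdefault(current, None)
            continue
        m = ENC_RE.match(line)
        if m and current is not None:
            policies[current] = m.group(1).lower()
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the policy sub-mode
    findings = []
    for prio in sorted(policies):
        alg = policies[prio]
        # No encryption line: the device default applies, so flag for review.
        rating = "unspecified" if alg is None else RATING.get(alg, "unknown")
        findings.append((prio, alg, rating))
    return findings


def needs_change(findings):
    """Priorities of policies whose encryption is anything other than AES."""
    return [prio for prio, _alg, rating in findings if rating != "ok"]
```
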

Re: L2L Tunnel / Remote access Encryption choice

Hi,

Thanks for the reply. So AES --> aes-128 is better than 3DES..? aes-192/256 is of more overhead?

Thanks

MS

Re: L2L Tunnel / Remote access Encryption choice

Yes.

The longer the encryption key, the more secure it is, but the more processing-demanding.

Federico.

Re: L2L Tunnel / Remote access Encryption choice

cool..thanks.
