Cisco Support Community
New Member

Security vs performance

Hi

Apologies if this has been asked before but I couldn't see an answer when I searched.

I have a Cisco 3005 Concentrator with 64MB RAM. I am intending to use only Cisco VPN software and hardware clients with X.509 certificates. I have successfully tested IPSEC connections using the following configuration:

Authentication Mode: RSA Digital Certificates (XAUTH)

Authentication Algorithm: SHA/HMAC-160

Encryption Algorithm: AES-256

Diffie-Hellman Group: Group 5 (1536 bits)

Obviously this is good security-wise (could it be any stronger?); however, I wonder what the performance implications are of using HMAC with SHA1 and AES-256 on the 3005 range? I don't envisage us ever having more than about 50 concurrent tunnels, certainly no more than the 200 which are supposedly supported with 64MB RAM. I also intend to configure load balancing once I have upgraded our other 3005 to 64MB RAM.

Any advice you could give on recommended configuration for performance versus security would be gratefully received.

Thanks

Karl

1 REPLY
New Member

Re: Security vs performance

The configuration you have mentioned is a good one and it will be effective and strong. The Cisco VPN Client supports these IPSec attributes:

• Authentication Algorithms:
    ESP-MD5-HMAC-128
    ESP-SHA1-HMAC-160

• Authentication Modes:
    Preshared Keys
    X.509 Digital Certificates
