Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

site-to-site with soho 91 & checkpoint

I have a slew of these already working - no probs - 3des/sha Would moving to aes 128 or 256 be more/less secure - if more secure, would there be a performance hit? How about PFS - currently not using - would it add value to use, and if so, again, will there be a performance hit?

Thanks much

1 REPLY
New Member

hello 

hello 

as the encryption  algo becomes more complex the performance will decrease but this will depend on the how powerful crypto engines is on the respective device, if your crypto hardware is good it will  perform even with the PFS turned on. 

for the VPN throughput please refer the datasheets of the respective vendors

below are the references for cisco ASA

cisco encryption algo on ASA

VPN throughput for next gen firewalls

 hope that helps ;)

#Rohan

130
Views
0
Helpful
1
Replies
CreatePlease to create content