Cisco Support Community
Community Member

Should I use DH Group 5 with AES-256/SHA?

Hi, when I try to create a VPN on my Cisco ASA it says I should use DH Group 5. I normally use 2; is this more secure or faster?

3 REPLIES

Re: Should I use DH Group 5 with AES-256/SHA?

From what I understand, Group 5 is the default choice when using the AES encryption algorithm, and yes, it provides more security than group 1 and group 2. I don't have a link, but I read a while back that G5 is mostly chosen when implementing L2L connections or VPN clients using certificates. If this is an L2L connection you are working on, make sure the other end is also set as such.

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtgroup5.html

Rgds

Jorge

Community Member

Re: Should I use DH Group 5 with AES-256/SHA?

Thanks Jorge,

I can't get DH5 to work, but you say it's using certs which I don't have, DH2 works fine though.

I set the Cisco 877 router's IKE proposal to use AES-256/SHA and it uses AES-128 instead, although the IPsec tunnel uses AES-256/SHA. Could there be a reason for this?

Re: Should I use DH Group 5 with AES-256/SHA?

Hi,

Can you post your config?

Regards,

Dandy
