IPSec Encrytion

Posted on 2006-04-27
Last Modified: 2010-03-19
Which IPSec encrytion provides the best balance between speed and security?
Question by:mohawkadmin
    LVL 44

    Accepted Solution

    Generally routers have 2 settings, if you choose the maximum encryption (128 bit as I recall) it is very slow, very reliable, but 10 minutes to transfer a 10 MB file, typically.  So use the next level of encryption below the maximum for the router (the reason it is relative is the routers capabilities and onboard RAM and speed vary from one model to the next).  Then when you pick an encryption key, keep it between 6 and 12 characters, without spaces.  Letter-number combos are good, like - MH127admin98 - would be the longest you would want.  Make sure the authentication is set to challenge-response, and you will be operating at as fast as that router can do (likewise, set the other VPN router the same).  If you are talking about windows server VPN, forget it, it is MUCH slower that VPN-endpoint router to VPN-endpoint router.
    LVL 2

    Expert Comment

    Not really possible to answer as it depends on who is looking at the packets and how much time and processing power they have.

    Anyway as a rule of thumb start low and baseline with a transfer across the wire. then start to ramp up the encryption and test again using your baseline method.
    Stop when you can't use the line to your users satifaction.

    You could augment the security in your model by using PGP encryption to protect you sensitive data: on files being transfered and Email etc.

    this is a good article (maybe old but still true)


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    The DSL Parameters part of this article is valid and can be considered with any brand of internet router and modem (Dlink, 3com, Alcatel, Usrobotics, Parks), by accessing the configuration interface available by the manufacturer eg: …
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now