We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
And, with this new config and making some new changes at crypto ipsec transform-set point, doesn´t it?
Frabble
If you want to use AES for phase 2 then create another transform set, for example:
crypto ipsec transform-set ESP-AES-256-SHA esp-aes 256 esp-sha-hmac
and use this in the crypto map for the AES site to site tunnels.
heze54
ASKER
A++
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
I´m looking for a stronger encryption algorithm than 3des and also fast and with less CPU workload.
Is this algorithm aes 128,196,256,BF? or what?
regards
TimotiSt
Depends on your usage and security needs. AES128 is a lot better than 3des, while eating less CPU than AES256. BF is also nice, but a lot less standard.
Tamas
heze54
ASKER
Hi,
And aes128 security?
Any doc to compare aes versions? A newer docu about this ?
Unlimited question asking, solutions, articles and more.
TimotiSt
You can find 1000s of pages on comparisons of the AES variants.
AES128 is used by most financial institutions to protect their on-line presence, including PayPal, eBay, all the banks I have accounts with in Hungary and Ireland, etc.
It's your decision if that is good enough for you, or you want super-military-grade encryption, like AES512 with DH group 14.
You can always get better (if your software/hardware supports it), but you pay for it in speed.
then, I understand the following:
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
And, with this new config and making some new changes at crypto ipsec transform-set point, doesn´t it?