With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cisco 2821 and 1841 encr aes 256
Posted on 2013-01-05
Hi,
Righ now, I have 3 sites connected using cisco hardware (837, 1841 and 2821).All of them using ipsed 3des tunnels like a triangle, 3 sites.
The side built using 1841 and 2821 should be changed from 3des to aes but this is the config:
This is used by all the crypto config, and then the specific config for each site
As far as I knowm this entry must be changed to "encr aes 256", but If I do this, 3des sites does not work.
Any idea?
regards
Righ now, I have 3 sites connected using cisco hardware (837, 1841 and 2821).All of them using ipsed 3des tunnels like a triangle, 3 sites.
The side built using 1841 and 2821 should be changed from 3des to aes but this is the config:
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
This is used by all the crypto config, and then the specific config for each site
As far as I knowm this entry must be changed to "encr aes 256", but If I do this, 3des sites does not work.
Any idea?
regards
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
2
8 Comments
You can have multiple IKE policies, the number being the priority and the order that the policies are presented when devices negotiate to find a common policy.
For example, you could configure:
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
lifetime 28800
This will be tried first and used for the aes sites, but drop down to the next policy (the one you currently have) for the the 3des sites.
For example, you could configure:
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
lifetime 28800
This will be tried first and used for the aes sites, but drop down to the next policy (the one you currently have) for the the 3des sites.
Active 2 days ago
Hi,
then, I understand the following:
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
And, with this new config and making some new changes at crypto ipsec transform-set point, doesn´t it?
then, I understand the following:
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 28800
And, with this new config and making some new changes at crypto ipsec transform-set point, doesn´t it?
If you want to use AES for phase 2 then create another transform set, for example:
crypto ipsec transform-set ESP-AES-256-SHA esp-aes 256 esp-sha-hmac
and use this in the crypto map for the AES site to site tunnels.
crypto ipsec transform-set ESP-AES-256-SHA esp-aes 256 esp-sha-hmac
and use this in the crypto map for the AES site to site tunnels.
Active 2 days ago
Hi again,
According to this text/link
http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html
I´m looking for a stronger encryption algorithm than 3des and also fast and with less CPU workload.
Is this algorithm aes 128,196,256,BF? or what?
regards
According to this text/link
http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html
I´m looking for a stronger encryption algorithm than 3des and also fast and with less CPU workload.
Is this algorithm aes 128,196,256,BF? or what?
regards
Depends on your usage and security needs. AES128 is a lot better than 3des, while eating less CPU than AES256. BF is also nice, but a lot less standard.
Tamas
Tamas
Active 2 days ago
Hi,
And aes128 security?
Any doc to compare aes versions? A newer docu about this ?
Regards
And aes128 security?
Any doc to compare aes versions? A newer docu about this ?
Regards
You can find 1000s of pages on comparisons of the AES variants.
AES128 is used by most financial institutions to protect their on-line presence, including PayPal, eBay, all the banks I have accounts with in Hungary and Ireland, etc.
It's your decision if that is good enough for you, or you want super-military-grade encryption, like AES512 with DH group 14.
You can always get better (if your software/hardware supports it), but you pay for it in speed.
Tamas
AES128 is used by most financial institutions to protect their on-line presence, including PayPal, eBay, all the banks I have accounts with in Hungary and Ireland, etc.
It's your decision if that is good enough for you, or you want super-military-grade encryption, like AES512 with DH group 14.
You can always get better (if your software/hardware supports it), but you pay for it in speed.
Tamas
Featured Post
It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.
See how Pepper.com relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month4 days, 23 hours left to enroll
Earn Certification
Cisco CCNP Security: SIMOS
$197.00$177.30
Earn Certification
Cisco CCENT R&S: ICND1 v3
$197.00$177.30
635 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.