<div>
&quot;All things being equal, choose the more secure option that is available to you.&quot; If there is not a huge difference in performance between MD5 and SHA-1 or SHA-2 then you should chose the stronger option. <br />
<br />
If its easy for you to set up and configure a point-to-point VPN link with 3DES and AES-256; then you should chose the stronger option. Also, if you can configure Diffie-Hellman group 2 or 5 or 14 equally, then you should chose the stronger option.<br />
<br />
I'm sure you've reviewed the encryption and authentication algorithms that you are currently using. With that said, and Keeping in mind my first statement above, you should always run the strongest algorithms and key strengths possible for your secured communications.<br />
<br />
-HTH<br />
<br />
-Rafael
</div>


<div>
Thank you both. <br />
<br />
Qlemo, I have considered both of these but what are your thoughts on AES-256 and SHA-2. I had request recently from GoDaddy to change all of my SSL certs SHA-2. Yes I know my router configuration is different than my SSL certificates but I am wondering if this is something that I should consider for the future. Or just stay with the current since it is not too difficult to change should I need/want to tell at a later time.<br />
<br />
Rafael, thank you for your post however you really don't answer the question. 'Choosing the strong option' and 'running the strongest option' are only telling me what I already know. I am looking more for what the current 'norm' or user thoughts are for the current standard.
</div>


<div>
Qlemo, by current I mean AES-192 and SHA-1.
</div>


<div>
Jennifer,<br />
<br />
Current norm is AES 256 and SHA-2. &nbsp;That is what many &nbsp;in corporate america as well as other agencies use.
</div>


<div>
I went with AES192 and SHA-2 configuration. I will see how it goes once it is hooked up at our branch location.
</div>


<div>
<div class="content wysiwyg-content">
What is the best IPsec encryption/authentication to use? I am putting in a new branch router. It looks like the router that are in place now are using MD5/3DES. Should I stay with this?
</div>
</div>


What is the best IPsec encryption/authentication to use? I am putting in a new branch router. It looks like the router that are in place now are using MD5/3DES. Should I stay with this?

Site to Site VPN IPsec

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.