Cisco Systems OL-16647-01 Network Router User Manual
32-5
Cisco ASDM User Guide
OL-16647-01
Chapter 32 VPN
VPN Wizard
Fields
Encryption—Select the symmetric encryption algorithm the security appliance uses to establish the Phase 1 SA that protects Phase 2 negotiations. The security appliance supports the following encryption algorithms:

Algorithm   Explanation
DES         Data Encryption Standard. Uses a 56-bit key.
3DES        Triple DES. Performs encryption three times using a 56-bit key.
AES-128     Advanced Encryption Standard. Uses a 128-bit key.
AES-192     AES using a 192-bit key.
AES-256     AES using a 256-bit key.

The default, 3DES, is more secure than DES but requires more processing for encryption and decryption. Similarly, the AES options provide increased security, but also require increased processing.

Authentication—Select the hash algorithm used for authentication and ensuring data integrity. The default is SHA. MD5 has a smaller digest and is considered to be slightly faster than SHA. There has been a demonstrated successful (but extremely difficult) attack against MD5. However, the Keyed-Hash Message Authentication Code (HMAC) version used by the security appliance prevents this attack.

Diffie-Hellman Group—Select the Diffie-Hellman group identifier, which the two IPsec peers use to derive a shared secret without transmitting it to each other. The default, Group 2 (1024-bit Diffie-Hellman), requires less CPU time to execute but is less secure than Group 5 (1536-bit). Group 7 is for use with the Movian VPN client, but works with any peer that supports Group 7 (ECC).

Note The default value for the VPN 3000 Series Concentrator is MD5. A connection between the security appliance and the VPN Concentrator requires that the authentication method for Phase I and II IKE negotiations be the same on both sides of the connection.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode             Security Context
Routed     Transparent    Single     Multiple
                                     Context     System
——

Hosts and Networks
Use the Hosts and Networks panel to identify local and remote hosts and networks that can use this LAN-to-LAN IPsec tunnel to send and receive data.
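The Diffie-Hellman Group field above says the two IPsec peers derive a shared secret without transmitting it, and the Authentication field says the appliance uses a keyed HMAC rather than a bare hash. The following Python is an added example, not Cisco's code or anything from the ASDM product: it runs a Group 2 exchange (the 1024-bit MODP prime and generator 2 from RFC 2409) between two simulated peers, shows that only the public values cross the wire while both sides still arrive at the same secret, and then keys an HMAC with that secret using either the SHA default or MD5. The function names, the range check on the peer's public value, and the sample payload are constructed for this example.

```python
import hmac
import secrets

# RFC 2409 "Second Oakley Group" (IKE Group 2): 1024-bit MODP prime, generator 2.
# The hex is the published constant; spaces are only for readability.
GROUP2_P = int(
    "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
    "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
    "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
    "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"
    .replace(" ", ""),
    16,
)
GROUP2_G = 2


def generate_keypair(p=GROUP2_P, g=GROUP2_G):
    """Pick a random private exponent x and compute the public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1          # x in [1, p-2]
    return x, pow(g, x, p)


def derive_shared_secret(private, peer_public, p=GROUP2_P):
    """Shared secret = peer_public^private mod p. It is computed locally by each
    side and is never placed on the wire. Public values 0, 1 and p-1 are rejected
    because they would force the secret into a trivial subgroup (check constructed
    for this example)."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def phase1_exchange(p=GROUP2_P, g=GROUP2_G):
    """Simulate both IPsec peers (hypothetical names A and B).
    Returns the values that crossed the network and the secret each side
    computed independently."""
    a_priv, a_pub = generate_keypair(p, g)
    b_priv, b_pub = generate_keypair(p, g)
    on_the_wire = {"A->B": a_pub, "B->A": b_pub}   # the only values transmitted
    secret_a = derive_shared_secret(a_priv, b_pub, p)
    secret_b = derive_shared_secret(b_priv, a_pub, p)
    return on_the_wire, secret_a, secret_b


def keyed_mac(shared_secret, message, hash_name="sha1", p=GROUP2_P):
    """HMAC over `message` keyed with the DH secret, using the Authentication
    field's SHA (default) or MD5 choice. Both peers must select the same hash,
    which is why the Note above requires matching settings on each side."""
    key = shared_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hmac.new(key, message, hash_name).hexdigest()


if __name__ == "__main__":
    wire, secret_a, secret_b = phase1_exchange()
    print("both peers derived the same secret:", secret_a == secret_b)
    print("secret appears on the wire:", secret_a in wire.values())
    # Constructed sample payload, not a real IKE message.
    print("HMAC-SHA1:", keyed_mac(secret_a, b"constructed IKE payload"))
    print("HMAC-MD5 :", keyed_mac(secret_a, b"constructed IKE payload", "md5"))
```

Running the block prints agreement on the secret, confirms the secret itself never appears among the transmitted values, and shows the 20-byte SHA-1 digest beside the 16-byte MD5 digest that the Authentication field describes as smaller. Swapping `GROUP2_P` for a longer MODP prime is how a larger group raises the cost of the modular exponentiation, which is the CPU trade-off the field text refers to.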