Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide
1822 pages
62-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 62 VPN
VPN Wizard
Algorithm    Explanation
AES-128      Advanced Encryption Standard. Uses a 128-bit key.
AES-192      AES using a 192-bit key.
AES-256      AES using a 256-bit key.

The default, 3DES, is more secure than DES but requires more processing for encryption and
decryption. Similarly, the AES options provide increased security, but also require increased
processing.
• Authentication—Choose the hash algorithm used for authentication and ensuring data integrity. The
default is SHA. MD5 has a smaller digest and is considered to be slightly faster than SHA. There
has been a demonstrated successful (but extremely difficult) attack against MD5. However, the
Keyed-Hash Message Authentication Code (HMAC) version used by the adaptive security appliance
prevents this attack.
• Diffie-Hellman Group—Choose the Diffie-Hellman group identifier, which the two IPsec peers use
to derive a shared secret without transmitting it to each other. The default, Group 2 (1024-bit
Diffie-Hellman), requires less CPU time to execute but is less secure than Group 5 (1536-bit).

Note: The default value for the VPN 3000 Series Concentrator is MD5. A connection between the adaptive
security appliance and the VPN Concentrator requires that the authentication method for Phase I and II
IKE negotiations be the same on both sides of the connection.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed     Transparent     Single     Multiple (Context)     Multiple (System)
•          —               •          —                      —

IPsec Rule
Use this IPsec Rule pane to select the encryption and authentication methods to use for Phase 2 IKE
negotiations, which create the secure VPN tunnel. These values must be exactly the same for both peers.

Fields
• Encryption—Choose the symmetric encryption algorithm the adaptive security appliance uses to
establish the VPN tunnel. The adaptive security appliance uses encryption to protect the data that
travels across the tunnel and ensure privacy. Valid encryption methods include the following:

Encryption Method    Explanation
DES                  Data Encryption Standard. Uses a 56-bit key.
3DES                 Triple DES. Encrypts three times using a 56-bit key.
AES-128              Advanced Encryption Standard. Uses a 128-bit key.
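
Added example (not part of the Cisco guide): a Python check that compares the Phase 1 and Phase 2 settings of two peers, reports every field that differs, and flags the choices this page describes as less secure. The dictionary layout, the function names and both sample peers are constructed for illustration; only the algorithm names, key sizes and the concentrator's MD5 default come from the page.

```python
# Added example: compare two peers' IKE Phase 1 and Phase 2 proposals.
# Algorithm names, key sizes and group sizes are the ones on this page;
# the dict layout and both sample peers are constructed for illustration.
VALID = {
    "encryption": {"DES", "3DES", "AES-128", "AES-192", "AES-256"},
    "hash": {"SHA", "MD5"},
    "dh_group": {"2", "5"},  # only the groups this page names
}
PHASE_FIELDS = {
    "phase1": ("encryption", "hash", "dh_group"),  # IKE Policy pane
    "phase2": ("encryption", "hash"),              # IPsec Rule pane
}

def normalize(value):
    """Compare values case-insensitively; accept 2 as well as "2"."""
    return str(value).strip().upper()

def audit(local, remote):
    """Return (mismatches, warnings) for two peers' proposals."""
    mismatches, warnings = [], []
    for phase, fields in PHASE_FIELDS.items():
        for field in fields:
            a = normalize(local[phase][field])
            b = normalize(remote[phase][field])
            for side, value in (("local", a), ("remote", b)):
                if value not in VALID[field]:
                    warnings.append(f"{side} {phase} {field}: {value!r} is not listed on this page")
            if a != b:
                # The page requires the same value on both sides.
                mismatches.append((phase, field, a, b))
            elif field == "encryption" and a == "DES":
                warnings.append(f"{phase}: DES uses a 56-bit key; 3DES and AES are more secure")
            elif field == "dh_group" and a == "2":
                warnings.append(f"{phase}: DH group 2 (1024-bit) is less secure than group 5 (1536-bit)")
    return mismatches, warnings

# Constructed sample: an ASA with the Phase 1 defaults from this page
# (Phase 2 values assumed) against a VPN 3000 Concentrator left at its
# MD5 default (its other values are assumed).
ASA = {"phase1": {"encryption": "3DES", "hash": "SHA", "dh_group": 2},
       "phase2": {"encryption": "3DES", "hash": "SHA"}}
CONCENTRATOR = {"phase1": {"encryption": "3des", "hash": "MD5", "dh_group": 2},
                "phase2": {"encryption": "3DES", "hash": "MD5"}}

if __name__ == "__main__":
    found, notes = audit(ASA, CONCENTRATOR)
    for phase, field, ours, theirs in found:
        print(f"MISMATCH {phase} {field}: local={ours} remote={theirs}")
    for note in notes:
        print("WARNING", note)
```

With the sample peers the check reports the SHA/MD5 difference in both phases, which is the case the Note above describes.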