Cisco ASA 5505 Configuration Manual page 1270

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01)
Chapter 62: VPN, page 62-6

VPN Wizard

Algorithm    Explanation
AES-128      Advanced Encryption Standard. Uses a 128-bit key.
AES-192      AES using a 192-bit key.
AES-256      AES using a 256-bit key.

The default, 3DES, is more secure than DES but requires more processing for encryption and decryption. Similarly, the AES options provide increased security, but also require increased processing.

Authentication—Choose the hash algorithm used for authentication and ensuring data integrity. The default is SHA. MD5 has a smaller digest and is considered to be slightly faster than SHA. There has been a demonstrated successful (but extremely difficult) attack against MD5. However, the Keyed-Hash Message Authentication Code (HMAC) version used by the adaptive security appliance prevents this attack.

Diffie-Hellman Group—Choose the Diffie-Hellman group identifier, which the two IPsec peers use to derive a shared secret without transmitting it to each other. The default, Group 2 (1024-bit Diffie-Hellman), requires less CPU time to execute but is less secure than Group 5 (1536-bit).

Note: The default value for the VPN 3000 Series Concentrator is MD5. A connection between the adaptive security appliance and the VPN Concentrator requires that the authentication method for Phase I and II IKE negotiations be the same on both sides of the connection.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode            Security Context
Routed    Transparent    Single    Multiple: Context    Multiple: System

IPsec Rule
Use this IPsec Rule pane to select the encryption and authentication methods to use for Phase 2 IKE negotiations, which create the secure VPN tunnel. These values must be exactly the same for both peers.

Fields
Encryption—Choose the symmetric encryption algorithm the adaptive security appliance uses to establish the VPN tunnel. The adaptive security appliance uses encryption to protect the data that travels across the tunnel and ensure privacy. Valid encryption methods include the following:

Method     Explanation
DES        Data Encryption Standard. Uses a 56-bit key.
3DES       Triple DES. Encrypts three times using a 56-bit key.
AES-128    Advanced Encryption Standard. Uses a 128-bit key.
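
The requirement that both peers use exactly the same values can be checked before a tunnel is brought up. The following Python sketch is an added example, not part of the Cisco guide: it compares two peers' settings field by field and notes the options this page ranks below an available alternative. The `Proposal` structure and the function names are hypothetical; the algorithm names, sizes and defaults are the ones given on this page.

```python
from dataclasses import dataclass, fields

# Algorithm names and sizes as listed on this manual page.
ENCRYPTION = ("DES", "3DES", "AES-128", "AES-192", "AES-256")
HASHES = ("MD5", "SHA")
DH_GROUP_BITS = {2: 1024, 5: 1536}


@dataclass(frozen=True)
class Proposal:
    """One peer's settings (hypothetical structure, not an ASA/ASDM format)."""
    encryption: str = "3DES"      # default stated on the page
    authentication: str = "SHA"   # default stated on the page
    dh_group: int = 2             # default stated on the page

    def __post_init__(self):
        # Reject anything outside the options the page lists.
        if self.encryption not in ENCRYPTION:
            raise ValueError(f"unknown encryption {self.encryption!r}")
        if self.authentication not in HASHES:
            raise ValueError(f"unknown hash {self.authentication!r}")
        if self.dh_group not in DH_GROUP_BITS:
            raise ValueError(f"unknown DH group {self.dh_group!r}")


def mismatches(local, remote):
    """Map each differing field to its (local, remote) pair."""
    return {f.name: (getattr(local, f.name), getattr(remote, f.name))
            for f in fields(Proposal)
            if getattr(local, f.name) != getattr(remote, f.name)}


def weaker_choices(p):
    """Settings the page itself ranks below an available alternative."""
    notes = []
    if p.encryption == "DES":
        notes.append("DES (56-bit key): 3DES and AES are more secure")
    if p.dh_group == 2:
        notes.append("DH group 2 (1024-bit): group 5 (1536-bit) is more secure")
    return notes


if __name__ == "__main__":
    # Constructed sample: appliance defaults against a peer left at MD5,
    # the VPN 3000 Concentrator default mentioned in the Note.
    asa = Proposal()
    concentrator = Proposal(authentication="MD5")
    print(mismatches(asa, concentrator))
    print(weaker_choices(asa))
```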

This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
