

Forum Replies

  1. Hi Francesco,

    DH is used to generate a shared private key over an insecure network (like the Internet). Here's an example of the different DH groups:

    Diffie-Hellman group 1 - 768 bit modulus
    Diffie-Hellman group 2 - 1024 bit modulus
    Diffie-Hellman group 5 - 1536 bit modulus
    Diffie-Hellman group 14 - 2048 bit modulus
    Diffie-Hellman group 19 - 256 bit elliptic curve
    Diffie-Hellman group 20 - 384 bit elliptic curve
    Diffie-Hellman group 21 - 521 bit elliptic curve

    The higher the DH group number, the more secure the exchange will be.

    Here's an interesting link from Cisco where they advise which protocols you should or shouldn't use:

    http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

    Rene
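
The group list in the reply above, turned into a configuration check (an added example, not part of the original thread): it reads `crypto isakmp policy` blocks from a constructed IOS-style sample and flags modulus-based groups below a minimum size. The 2048-bit threshold, the sample config and the function names are assumptions made for this example.

```python
import re

# DH group number -> (type, size in bits), as listed in the reply above.
DH_GROUPS = {1: ("modp", 768), 2: ("modp", 1024), 5: ("modp", 1536),
             14: ("modp", 2048), 19: ("ecp", 256), 20: ("ecp", 384),
             21: ("ecp", 521)}
MIN_MODP_BITS = 2048  # assumed local policy threshold, not from the thread

# Constructed sample, not from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 2
crypto isakmp policy 20
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp policy 30
 authentication pre-share
crypto isakmp policy 40
 authentication pre-share
 group 24
"""

def classify(group):
    """Verdict for one group number (None = no 'group' line in the policy)."""
    if group is None:
        return "default"   # platform default applies; confirm on the device
    if group not in DH_GROUPS:
        return "unknown"   # not in the table above; review by hand
    kind, bits = DH_GROUPS[group]
    return "weak" if kind == "modp" and bits < MIN_MODP_BITS else "ok"

def audit_isakmp_groups(config):
    """Return [(policy_number, group_or_None, verdict)] in config order."""
    policies, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if head:
            current = int(head.group(1))
            policies[current] = None
        elif not line.startswith(" "):
            current = None          # left the policy sub-mode
        elif current is not None:
            grp = re.match(r"\s+group (\d+)\s*$", line)
            if grp:
                policies[current] = int(grp.group(1))
    return [(n, g, classify(g)) for n, g in policies.items()]
```

A policy with no `group` line is reported as `default` rather than guessed, because the running configuration does not show which group the platform falls back to.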

  2. Hi Rene,

    Am I right about DH if I say:
    I configured PSK on both sides, then DH uses its own (different) key to secure the configured PSK and it will do the exchange?
    Thanks

  3. Sorry

    I meant, does anyone know if you can run a BGP session over a crypto map IPsec tunnel (it's 3:30 am and I'm ready for bed)

  4. Hi Rene,

    I have a couple of doubts. Can I have your attention to get this reply?

    The Site to Site Tunnel is established properly between Site A and Site B. Both Phases 1 & 2 are established properly. Both sites can ping each other nicely.

    Now, Scenario 1> Site A traffic cannot be decrypted at Site B -> What could be the possible reasons?
    Scenario 2> Site A traffic cannot be encrypted -> What could be the possible reasons?
    Scenario 3> From Site A to Site B traffic is passing slowly -> What could be the possible reasons?

    Thanks,
    Manami

  5. Thanks Laz that was helpful.
