Is Phase 2 required for full security?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by egyvoip, Nov 18, 2006.

  1. egyvoip

    egyvoip LI Guru Member


    I created a VPN between 2 RV042s and it is working fine, but can you please look at the attached picture and tell me if this VPN is very secure, or whether it still requires adding phase 2 encryption? I disabled it to save BW.

    Thank you


  2. Toxic

    Toxic Administrator Staff Member

    You need both set up for a secure connection.

    Phase 1 establishes an IKE Security Association through which the Phase 2 negotiation creates IPsec SAs.

    TBH I would use the minimum of 3DES/SHA1 for both. Check out the Linksysinfo videos (downloads section) of setting up a VPN tunnel between a WRV200/WRV54G; you'll see the setup much better.
  3. pablito

    pablito Network Guru Member

    I agree. You're setting up the initial tunnel securely but then running it without encryption. Normally we do phase 1 with the highest security (like 3DES or AES-256 instead of AES 128) and then back off a bit at phase 2. I find AES 128 + compression for phase 2 to work well. My tests show me that compression makes up for any overhead, and compressible data like plain text gets at least 5-1 compression over the stated bandwidth. This makes web and email traffic over the VPN faster than over non-VPN routes.
  4. egyvoip

    egyvoip LI Guru Member

    Thank you...
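
An added example, not part of the original thread or any poster's reply: a small Python check that applies the advice above (Phase 2 encryption must not be disabled, 3DES/SHA1 as the floor for both phases, strongest settings on Phase 1) to tunnel definitions. The field names, the strength ranking and the sample tunnels are assumptions constructed for illustration; they are not RV042 firmware identifiers or the poster's actual settings.

```python
# Added illustration: audit IPsec tunnel settings against the thread's advice.
# Field names (p1_enc, p2_auth, ...) are hypothetical, not RV042 identifiers.

# Rough strength ordering, used only to compare settings with each other.
ENC_RANK = {"NULL": 0, "DES": 1, "3DES": 2, "AES-128": 3, "AES-192": 4, "AES-256": 5}
AUTH_RANK = {"NULL": 0, "MD5": 1, "SHA1": 2}
FLOOR_ENC, FLOOR_AUTH = "3DES", "SHA1"  # minimum suggested in the thread


def audit(tunnel):
    """Return a list of (severity, message) findings for one tunnel definition."""
    findings = []
    for phase in ("p1", "p2"):
        enc, auth = tunnel[f"{phase}_enc"], tunnel[f"{phase}_auth"]
        if enc not in ENC_RANK or auth not in AUTH_RANK:
            findings.append(("error", f"{phase}: unknown algorithm {enc}/{auth}"))
            continue
        if phase == "p2" and enc == "NULL":
            # Phase 1 encryption only protects the IKE negotiation; with a
            # NULL Phase 2 cipher the tunnelled traffic itself is cleartext.
            findings.append(("critical", "p2: encryption disabled, payload is cleartext"))
        elif ENC_RANK[enc] < ENC_RANK[FLOOR_ENC]:
            findings.append(("high", f"{phase}: {enc} is below the {FLOOR_ENC} floor"))
        if AUTH_RANK[auth] < AUTH_RANK[FLOOR_AUTH]:
            findings.append(("high", f"{phase}: {auth} is below the {FLOOR_AUTH} floor"))
    p1, p2 = ENC_RANK.get(tunnel["p1_enc"]), ENC_RANK.get(tunnel["p2_enc"])
    if p1 is not None and p2 is not None and p2 > p1:
        findings.append(("info", "p2 cipher is stronger than p1; the thread puts "
                                 "the strongest settings on phase 1"))
    return findings


# Constructed sample tunnels (not taken from the attached picture).
TUNNELS = {
    "phase2-disabled": {"p1_enc": "3DES", "p1_auth": "SHA1",
                        "p2_enc": "NULL", "p2_auth": "SHA1"},
    "thread-advice": {"p1_enc": "AES-256", "p1_auth": "SHA1",
                      "p2_enc": "AES-128", "p2_auth": "SHA1"},
    "weak-phase1": {"p1_enc": "DES", "p1_auth": "MD5",
                    "p2_enc": "AES-256", "p2_auth": "SHA1"},
}

if __name__ == "__main__":
    for name, tunnel in TUNNELS.items():
        results = audit(tunnel) or [("ok", "no findings")]
        for severity, message in results:
            print(f"{name}: [{severity}] {message}")
```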