Prev Question
Next Question

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner
site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE
phase 2. Why is this a problematic setup?

The two algorithms do not have the same key length and so don’t work together. You will get the error … Noproposal chosen…

All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for
higher performance for setting up the tunnel.

Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase
2 only costs performance and does not add security due to a shorter key in phase 1.

All is fine and can be used as is.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *