Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner
site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE
phase 2. Why is this a problematic setup?
The two algorithms do not have the same key length and so don’t work together. You will get the error … Noproposal chosen…
All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for
higher performance for setting up the tunnel.
Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase
2 only costs performance and does not add security due to a shorter key in phase 1.
All is fine and can be used as is.