You have a mesh VPN Community configured to create a site-to-site VPN.
Given the displayed VPN properties, what can you conclude about this community?
A. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES.
B. Changing the setting "Perform key exchange encryption with" from AES-256 to 3DES will enhance the VPN Community’s security, and reduce encryption overhead.
C. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R76 supports.
D. Changing the setting "Perform IPsec data encryption with" from AES-128 to 3DES will increase the encryption overhead.
A, B, C are wrong because
Algorithm  Key-Length in Bits  Standard
FWZ-1      40-bits             Check Point proprietary
CAST       40-bits             Public
DES        56-bits             Public
3DES       168-bits            Public
AES        256-bits            Public
As far as the CPU difference between the two, there are various claims floating around stating that 3DES requires several times as much CPU as an equivalent operation under AES. In the real world whenever I have recommended that a client convert their firewall’s IPSec/Phase 2 encryption algorithm from 3DES to AES-128 their average firewall CPU load has dropped by 10-30%; every time.
I do agree with Greg. AES is more efficient and less processor intensive compared to 3DES.