Why is this a problematic setup?

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A.
All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

B.
All is fine and can be used as is.

C.
Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

D.
The 2 algorithms do not have the same key length and so don’t work together. You will get the error "…. No proposal chosen…."



Leave a Reply 1

Your email address will not be published. Required fields are marked *


mr_tienvu

mr_tienvu

I have the same idea. C