Your manager requires you to setup a VPN to a new business partner site. The administrator from
the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1
and AES 256 for IKE phase 2. Why is this a problematic setup?
A.
The two algorithms do not have the same key length and so don’t work together. You will get
the error …. No proposal chosen….
B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key
length for higher performance for setting up the tunnel.
C.
Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key
length in phase 2 only costs performance and does not add security due to a shorter key in phase
1.
D.
All is fine and can be used as is.
C)
C seems right