From: McClure, Allen (Allen.McClure@Yum.com)
Date: Tue Sep 09 2003 - 17:35:16 GMT-3
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac168/about_cisco_packet_technology09186a00800a4bbe.html
According to Nedeltchev, Cisco recommends using MD5 hashing in
remote-access VPN solutions and SHA-1 in site-to-site VPN solutions.
SHA-1 is used for site-to-site solutions because it provides greater
security, performing more algorithmic rounds than MD5 and producing a
160-bit hash value compared to the 128-bit value of MD5. In addition, SHA-1
uses the input message to compute the hash function words, while in MD5
these words are constant.
Allen G. McClure
CCNP/CCDP/MCSE
Yum! Brands, Inc.
Sr. Network Analyst
allen.mcclure@yum.com
-----Original Message-----
From: navaid@rogers.com [mailto:navaid@rogers.com]
Sent: Tuesday, September 09, 2003 2:45 PM
To: ccielab@groupstudy.com
Subject: ipsec AH
Two options for authentication header are sha and md5. Which one is more
secure? And why?
R9(config)#crypto ipsec transform-set test ?
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
Navaid
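
Added example, not part of the original messages: the two transforms in the question are HMAC-MD5-96 (RFC 2403) and HMAC-SHA-1-96 (RFC 2404). This Python code computes the AH integrity check value for both over a constructed IPv4 packet, zeroing the mutable header fields and truncating the HMAC output to 96 bits. The addresses, SPI, sequence number, keys and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

# ah-md5-hmac = HMAC-MD5-96 (RFC 2403), ah-sha-hmac = HMAC-SHA-1-96 (RFC 2404)
TRANSFORMS = {"ah-md5-hmac": hashlib.md5, "ah-sha-hmac": hashlib.sha1}
ICV_LEN = 12   # both transforms truncate the HMAC output to 96 bits
ICV_OFF = 32   # 20-byte IPv4 header + 12 bytes of fixed AH fields


def build_packet(ttl, payload, spi=0x1000, seq=1):
    """Constructed IPv4 + AH packet (sample values) with a zeroed ICV field."""
    total = 20 + 24 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0, ttl, 51, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    # AH: next header 6 (TCP), length 4 (six 32-bit words minus 2), reserved
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(ICV_LEN)
    return bytearray(ip + ah + payload)


def compute_icv(transform, key, packet):
    """HMAC over the packet with mutable IPv4 fields and the ICV zeroed."""
    p = bytearray(packet)
    p[1] = 0                                      # TOS
    p[6:8] = b"\x00\x00"                          # flags + fragment offset
    p[8] = 0                                      # TTL (changes at every hop)
    p[10:12] = b"\x00\x00"                        # header checksum
    p[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    # 128-bit (MD5) or 160-bit (SHA-1) HMAC output, truncated to 96 bits
    return hmac.new(key, bytes(p), TRANSFORMS[transform]).digest()[:ICV_LEN]


def sign(transform, key, packet):
    packet[ICV_OFF:ICV_OFF + ICV_LEN] = compute_icv(transform, key, packet)
    return packet


def verify(transform, key, packet):
    received = bytes(packet[ICV_OFF:ICV_OFF + ICV_LEN])
    return hmac.compare_digest(received, compute_icv(transform, key, packet))


if __name__ == "__main__":
    for name, h in TRANSFORMS.items():
        key = bytes(range(h().digest_size))       # constructed key, not a real one
        pkt = sign(name, key, build_packet(64, b"constructed payload"))
        pkt[8] -= 1                               # a router decrements TTL
        print(name, h().digest_size * 8, "bit digest, ICV ok:", verify(name, key, pkt))
        pkt[-1] ^= 0x01                           # payload modified in transit
        print(name, "after tampering, ICV ok:", verify(name, key, pkt))
```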
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3