
VPN Encryption Options



Several VPN configuration options affect both the security and the speed of the tunnel. Prior to version 12.1.0, the default for these options is a setting called "ANY", which allows the Ecessa device to negotiate the settings from all of the available options.

vpn_any_defaults.png

In versions 12.1.0 and newer, the defaults are specific options instead of "ANY".

vpn_specific_defaults.png

The reason for this change is that "ANY" often results in packet fragmentation during the initial VPN establishment, which can prevent it from connecting, and may result in an unexpected security level depending on what options are negotiated.
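A rough size model of the fragmentation problem described above, as an added example (not Ecessa code). It assumes IKEv1 Main Mode with every encryption/hash/group combination offered as its own transform (payload sizes per RFC 2408/2409); the "ANY" option lists are constructed, since the page does not list the device's available options.

```python
# Added illustration: lower-bound size of the first IKEv1 Main Mode packet
# for a given set of offered Phase 1 options (vendor IDs etc. not counted).
from itertools import product

IP_UDP = 20 + 8          # IPv4 header (no options) + UDP header
ISAKMP_HDR = 28          # fixed ISAKMP header
SA_HDR = 12              # SA payload: generic header + DOI + situation
PROPOSAL_HDR = 8         # proposal payload, no SPI in Phase 1
TRANSFORM_HDR = 8        # transform payload header
ATTR = 4                 # one basic (type/value) data attribute
MTU = 1500               # typical Ethernet path MTU (assumption)

def transform_size(enc):
    # Attributes: encryption, hash, group, auth method, life type, life duration
    n_attrs = 6
    if enc.startswith("AES"):
        n_attrs += 1     # AES also carries a key-length attribute
    return TRANSFORM_HDR + n_attrs * ATTR

def first_packet_size(encs, hashes, groups):
    """Return (transform count, IP packet size) when every combination is offered."""
    combos = list(product(encs, hashes, groups))
    body = sum(transform_size(enc) for enc, _, _ in combos)
    return len(combos), IP_UDP + ISAKMP_HDR + SA_HDR + PROPOSAL_HDR + body

# Constructed option lists standing in for "ANY"; the real lists on an
# Ecessa device are not given on this page.
ANY_ENC = ["DES", "3DES", "AES128", "AES192", "AES256"]
ANY_HASH = ["MD5", "SHA1", "SHA2 256", "SHA2 512"]
ANY_GROUP = [1, 2, 5, 14]

# The 12.1.0 defaults from this article: a single combination.
SPECIFIC = (["AES256"], ["SHA2 256"], [14])

if __name__ == "__main__":
    for label, opts in (("ANY (assumed lists)", (ANY_ENC, ANY_HASH, ANY_GROUP)),
                        ("12.1.0 defaults", SPECIFIC)):
        count, size = first_packet_size(*opts)
        state = "exceeds MTU, will fragment" if size > MTU else "fits in one packet"
        print(f"{label}: {count} transforms, {size} bytes, {state}")
```

Fragmented UDP is commonly dropped by firewalls and NAT devices along the path, which is how an oversized first packet can keep the tunnel from establishing.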

The following table shows what two Ecessa devices using "ANY" would negotiate compared to the defaults in 12.1.0.

| Option | 12.0.2 ("ANY") | 12.1.0 (defaults) |
|---|---|---|
| Phase 1 Encryption | AES128 (CBC) | AES256 (CBC) |
| Phase 1 Authentication | ESP SHA1 | ESP SHA2 256 |
| IKE Group | Group 5 | Group 14 |
| Phase 2 Encryption | AES128 (CBC) | AES256 (CBC) |
| Phase 2 Authentication | ESP SHA1 | ESP SHA2 256 |

 
