IPSec Site2Site VPN Performance - which is the best configuration?
Options
lightskyblue
Posts: 1 Freshman Member
Hi there
We are using a IPSec Site2Site VPN.
At each site there is a Zyxel VPN300 with fiber wan (1Gbps/1Gpbs).
There are several options for IKE (IKEv1, IKEv2), Encryption (DES, 3DES, AES128, AES192, AES256), Authentication (MD5, SHA1, SHA256, SHA512) and also Perfect Forward Secrecy (DH1, DH2, DH5, DH14).
Are there some "best practises"?
Which is the best mix between security and performance?
What are your experiences?
Does the new VPN300 models have some special CPU support for some encryption methods?
Best regards
We are using a IPSec Site2Site VPN.
At each site there is a Zyxel VPN300 with fiber wan (1Gbps/1Gpbs).
There are several options for IKE (IKEv1, IKEv2), Encryption (DES, 3DES, AES128, AES192, AES256), Authentication (MD5, SHA1, SHA256, SHA512) and also Perfect Forward Secrecy (DH1, DH2, DH5, DH14).
Are there some "best practises"?
Which is the best mix between security and performance?
What are your experiences?
Does the new VPN300 models have some special CPU support for some encryption methods?
Best regards
0
Comments
-
@lightskyblue
The encryption/hashing algorithm should be chosen by users themselves. I think there is no so called “best practice” but more likely a tradeoff between “Security” and “Throughput”. If you use a complex algorithm to encrypt your data, it consumes the CPU and sure the throughput will be lower.
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight