
IPsec AES256: CBC or GCM?

Hi,

Is XG using CBC or GCM with AES256 encryption and IPsec? Couldn't find anything about it.

Thanks.



  • Well, I'd like to know which of them is used by the XG, not the difference between them.

    Or maybe it doesn't matter?

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • My bad, misread your question.

    strongSwan (the IPsec module) supports a couple of different encryption methods.

    https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites

     

    XG will choose this for you and you can check it in the console. 

    console> show vpn connection status

    __________________________________________________________________________________________________________________

  • CBC seems to be the preferred cipher with Cisco VPN/Sophos Connect. Is there a reason GCM is not used? GCM is a modern and faster cipher?

    console> show vpn connection status
    [154]: IKEv1 SPIs:
    [154]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
    {91}: AES_CBC_256/HMAC_SHA1_96

    Sophos Connect

  • Sophos Connect uses IKEv1 and Remote Access IPsec. 

     

    I cannot comment on this at all, I do not have an IKEv2 tunnel right now to verify which method is used.

    __________________________________________________________________________________________________________________
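
The `show vpn connection status` output quoted in the thread already answers the CBC-or-GCM question for each SA. The following is an added example, not part of the original posts and not Sophos or strongSwan code: it parses strongSwan-style proposal strings and reports the mode, key size and integrity algorithm per SA. The `{92}` GCM line is constructed for illustration, and the function names are my own.

```python
import re

# Constructed input: the status lines quoted in the thread, plus one
# made-up GCM child SA ({92}) so the AEAD branch is exercised too.
SAMPLE = """\
[154]: IKEv1 SPIs:
[154]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
{91}: AES_CBC_256/HMAC_SHA1_96
{92}: AES_GCM_16_256
"""

# "[N]: IKE proposal: <p>" is the IKE SA; "{N}: <p>" is a child (ESP) SA.
LINE = re.compile(r"(?:\[(?P<ike>\d+)\]:\s+IKE proposal:|\{(?P<child>\d+)\}:)"
                  r"\s+(?P<prop>[A-Z0-9_/]+)")
# Block-cipher transforms only: AES_CBC_256, AES_GCM_16_256, 3DES_CBC, ...
ENC = re.compile(r"^([A-Z0-9]+)_(CBC|CTR|GCM|CCM)((?:_\d+)*)$")
AEAD_MODES = {"GCM", "CCM"}  # combined modes carry no separate HMAC


def classify(proposal):
    """Split one proposal string into cipher, mode, key size, integrity."""
    parts = proposal.split("/")
    m = ENC.match(parts[0])
    if not m:
        return None  # first token is not a cipher (status keyword, subnet)
    sizes = [int(n) for n in m.group(3).split("_") if n]
    integ = next((p for p in parts[1:]
                  if p.startswith(("HMAC_", "AES_XCBC", "AES_CMAC"))), None)
    return {"cipher": m.group(1), "mode": m.group(2),
            "key_bits": sizes[-1] if sizes else None,  # last number = key size
            "aead": m.group(2) in AEAD_MODES, "integrity": integ}


def report(status_text):
    """Return one dict per IKE/child SA proposal found in the status text."""
    rows = []
    for line in status_text.splitlines():
        m = LINE.search(line)
        info = classify(m.group("prop")) if m else None
        if info is None:
            continue
        info["sa"] = "IKE" if m.group("ike") else "CHILD"
        info["id"] = int(m.group("ike") or m.group("child"))
        rows.append(info)
    return rows


if __name__ == "__main__":
    for r in report(SAMPLE):
        print(r["sa"], r["id"], r["cipher"], r["mode"], r["key_bits"],
              "AEAD" if r["aead"] else "integrity=" + str(r["integrity"]))
```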