ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

NS-25 VPN: AES or 3DES?

‎04-15-2009 03:02 AM
I'm facing a VPN connection with a Netscreen-25 on "our" side. The specific traffic will be between 4 and 8 Mbps. Which encryption method should I prefer performance-wise? AES(128) or 3DES? I could not find any info on specific encryption accelaration circuits in the NS-25.
JNCIA-FWV - JNCIA-IDP - Proud JNet Expert shirt owner 🙂
4 REPLIES 4
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: NS-25 VPN: AES or 3DES?

‎04-15-2009 08:57 AM

Hi ric0,

 

I would go with 3Des-Sha1.

 

Regards,

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: NS-25 VPN: AES or 3DES?

‎04-16-2009 01:20 AM

Why would you choose 3DES? On another forum I was advised to use AES because it is a lighter (computation wise) encryption protocol. Does the NS-25 have any AES or 3DES offloading circuit?

JNCIA-FWV - JNCIA-IDP - Proud JNet Expert shirt owner 🙂
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: NS-25 VPN: AES or 3DES?

‎04-17-2009 08:58 AM
If the NS-25 does not have an 3DES ASIC, then I would definitely go for the AES...  In fact, even if it has an ASIC, AES would get you almost the same throughput (if not better)
---------------------------------------------
http://www.corelan.be:8800
---------------------------------------------
*** Don't forget to hit the Kudos button if my answer was helpful ***
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: NS-25 VPN: AES or 3DES?

‎04-18-2009 07:17 AM
AES encryption is in software, while 3DES is in hardware.  If you want more security, go with AES.  If you want faster performance, go with 3DES.  As always, optimum performance is gained with less security, and vice versa.
Feedback