Firewall Wizards mailing list archives

RE: Cisco Firewall IOS question

From: Eric Vyncke <evyncke () cisco com>
Date: Wed, 07 Oct 1998 22:26:25 +0200

Ryan,

See comments in-line.

At 22:21 6/10/98 -0700, Ryan Russell wrote:

The Firewall IOS Feature Set Plus IPSEC 56 does in fact include
encryption (56 bit IPSEC with your choice of several methods)



Thanks for the info.  Some of this is new since I last looked (and it
wasn't all THAT long ago.)  The good news is that I was wrong and
you can have the FW feature set w/crypto.  Either the Cisco
(non-standard) crypto or IPSec flavor.  It's available now as
an 11.3T release.

The bad news is that the names imply that it's still limited to
56-bit.  Isn't there a longer bit-length that's considered mandatory
for IPSec (3-DES or some such) or was that just wishful thinking
on my part?


The only mandatory transform for ESP in IPSec is 56-bit DES.

It is expected that IOS 12.0T will have triple DES.

Hope it helps you

-eric


Eric Vyncke      
Consulting Engineer                Cisco Systems Belgium SA/NV
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-75-312.458

Current thread:

Cisco Firewall IOS question Chris Hughes (Oct 05)
- Re: Cisco Firewall IOS question Leonard Miyata (Oct 05)
- <Possible follow-ups>
- Re: Cisco Firewall IOS question Ryan Russell (Oct 06)
  - RE: Cisco Firewall IOS question James D. Wilson (Oct 07)
- RE: Cisco Firewall IOS question Ryan Russell (Oct 07)
  - RE: Cisco Firewall IOS question Eric Vyncke (Oct 09)
- Re: Cisco Firewall IOS question Steve Bellovin (Oct 13)