As a higher-level protocol, IPSec does not require any specific encryption algorithms. The manufacturers of IPSec products are thus free to choose which algorithms they use. The following standards are common:
- AES – Advanced Encryption Standard: AES is the official encryption standard for use by US authorities, and therefore one of the most important standards worldwide. Following a worldwide competition in the year 2000 to find the best of the numerous encryption algorithms, the National Institute of Standards and Technology (NIST) selected the Rijndael algorithm (pronounced: "Rinedoll") and declared it the AES in 2001. AES is a symmetric key algorithm with variable block and key lengths. It was developed by the Belgian scientists Joan Daemen and Vincent Rijmen, and features outstanding security, flexibility and efficiency.
- Triple DES (a.k.a. 3-DES): A further development of DES. The conventional DES algorithm is applied three times consecutively. Two or three different keys, each with a length of 56 bits, are used. The key for the first run is reused for the third DES run. The result is a nominal key length of 168 bits, with an effective key length of 112 bits. Triple DES combines the sophisticated DES technology with a sufficiently long key and is therefore considered to be secure. However, Triple DES is slower than other methods.
Important: The encryption can be adapted from the command line. Modifications of this sort are generally only required when setting up VPN connections between devices from different manufacturers.