|
What are the best site-to-site VPN settings for VOIP?I have a customer who has a SIP PBX in their main office and are connecting to their branch offices via VPN. The main site has a USG 50 and the branches use the USG 20. The phones connect to the PBX over the VPN. I do not manage their network, but I do know they also RDP into a terminal server and access a file server. What is the best way to set up each VPN? Does it matter, performance wise, if I choose 3DES over AES? SHA over MD5? etc Each site has plenty of bandwidth up and down. (all sites have at least 75mbps/20mbps_) |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON (Software) OPNsense Ubiquiti UniFi UAP-AC-PRO Ubiquiti NanoBeam M5 16
|
Brano
MVM
2014-Apr-2 9:09 am
USG has WH acceleration for AES calculations. However key size matters as for performance. My suggestion based on theory (without any actual tests performed) go with SHA1/AES128. In my eyes this is optimal balance between speed and security. I'd avoid DES/3DES and MD5. |
|
|
Thanks! Could I expect to see lower latency for that setup compared to 3DES/MD5 when pinging across the VPN? |
|
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2014-Apr-2 10:06 am
No idea. I've not done any testing in this area. |
|
|
IT to andys03
Anon
2014-Apr-2 12:11 pm
to andys03
No |
|