Hi, and welcome to the UTM Community! 3DES is old, slow and less secure than AES 128. I would clone the "AES 128 PFS" policy in the UTM to create one named "AES 128 PFS SHA2 256" and adapt your Cisco to that if possible. Your current picture corresponds to the following with guesses at the lifetimes. Remember to check that the DPD and NAT-T settings on the 'Advanced' tab are the same as in the Cisco. Cheers - Bob
↧