Next-Generation Encryption

Meeting Today's Data Security Requirements

Learn how NGE can help you meet current and evolving security requirements.

Next-Generation Encryption (NGE) for Secure Connectivity at a Glance

A quick overview of Cisco NGE and how it can be used to help secure your networks.

Meet Increasing Security Needs

Cisco Next-Generation Encryption evolves traditional encryption technology. (54:25 min)

Strengthen Your ISR

Enhance Cisco Integrated Services Router performance with hardware-accelerated VPNs.

Meet escalating security and performance requirements with the new algorithms and protocols for encryption, authentication, digital signatures, and key exchange in Cisco Next-Generation Encryption (NGE).

Many of the algorithms that are currently in extensive use cannot effectively scale to meet today's changing security and performance needs. For example:

  • RSA signatures and Diffie-Hellman (DH) key exchange are increasingly inefficient as security levels rise.
  • Cipher Block Chaining (CBC) encryption performs poorly at high data rates.
  • IPsec VPNs use numerous component algorithms, limiting security to the lowest security level of each component.

What you need is the complete algorithm suite in Cisco NGE. In this suite, each component provides a consistently high level of security, and can effectively scale to high throughput and large numbers of connections.

Advances in Cryptography

Cisco NGE technology offers a complete algorithm suite by using:

  • Elliptic curve cryptography (ECC) to replace RSA and DH
  • Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption
  • SHA-2 for hashing operations to replace MD5 and SHA-1

The algorithms that make up NGE are the result of more than 30 years of global advances and evolution in cryptography. Each component of NGE has its own history, reflecting the diverse origins of the NGE algorithms and their longstanding academic and community review. NGE comprises globally created, globally reviewed, and publicly available algorithms.

In addition, NGE algorithms are integrated into IETF, IEEE, and other international standards. As a result, NGE algorithms have been applied to the most recent and highly secure protocols for protecting user data, such as Internet Key Exchange Version 2 (IKEv2) and Transport Layer Security (TLS) Version 1.2.

Move to New Cryptography

Read this white paper to learn about cryptography and next-generation encryption.


Cisco Next-Generation Encryption (NGE) evolves traditional encryption technology to meet today's increasing security needs while improving scalability and efficiency. The following figure shows a list of technologies that are included in NGE.

Increase Security While Improving Scalability

Cisco is leading the market with a breadth of products, including entire architectures, that incorporate Next-Generation Encryption (NGE). Cisco NGE offers the following features and benefits:

  • Uses upgraded algorithms, key sizes, protocols, and entropy to meet security requirements
  • Offers a complete algorithm suite in which each component provides a consistently high level of security
  • Can effectively scale to meet high throughput and large numbers of connections
  • Can scale down to meet the security needs of low-power devices while being efficient in battery use

NGE is also compatible with existing security architectures including:

  • Remote Access VPN
  • Site-to-Site VPN
  • Secure Unified Collaboration

It is also compatible with a number of government standards, including:

  • U.S. Federal Information Processing Standards 140 Series (FIPS-140)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • PCI

The VPN Internal Service Module brings Next-Generation Encryption (NGE) technologies to IP Security (IPsec) VPNs. This module provides a security level of 128 bits or more. In addition, the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco AnyConnect Secure Mobility Solution provide NGE capabilities for remote-access security using IPsec.

*ISRG2, ASA, AnyConnect, and ASR support NGE in IPsec VPN
**Nexus 7k, Cat6k, 45xx and 35xxx support MACSec, which uses NGE for wire-rate authenticated encryption

These technologies are comprehensive, and the use of NGE helps a system:

  • Meet security requirements
  • Operate with products that use NGE to meet scalability requirements

In addition, NGE is integrated into IETF standards and meets many global government requirements for cryptography.