Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
2
Replies

ASDM wants to push crypto ipsec ikev1 transform-set changes after upgrade

swagoner1
Level 1
Level 1

‎02-12-2016 07:55 PM - edited ‎03-12-2019 12:17 AM

Yesterday I upgraded from 8.4 to 8.4 7.30 to fix the ike vulnerability. Also upgraded from ASDM 6.4 to 7.1(7).  Its an active/standby cluster and upgrade went fine.  But when I open a VPN tunnel in ASDM then cancel it -without making any changes the "apply" buttom becomes active and shows it wants to push the list of changes below. Not sure why its wanting to do this, if its going to hurt anything, or if its just a cosmetic change?

Thanks.

crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
      crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
      crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
      crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
      crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
      crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
      crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
      crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
      crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
      crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
      crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
      crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-14-2016 11:23 AM

What a pain.

It wont affect anything. It is just creating "system" transform sets.

Was their a newer ASDM available?

0 Helpful

9724784591
Level 1
Level 1

‎02-16-2016 09:30 AM

Swagoner1, we are actually in the same boat, with the same version upgrade to do at my company.  It would be super convenient if you have a few moments for a for a quick chat to ask you how it went.  I haven't found a ton of people who have went from 8.4 to 8.4(7.30). I'll gladly send you an amazon gift card to compensate you for your time.  My number is 972-665-5886.  -Andrew

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card