08-22-2019 06:41 PM - edited 02-21-2020 09:25 AM
I have the following in my crypto map configs on an ASA for an IPSEC tunnel:
crypto map out_map 1 set ikev2 ipsec-proposal prop1 prop2 aes256 prop3
As you can see there are 4 proposals referenced I believe when the other side of tunnel/peer only has 1 proposal I believe prop3.
If I just remove all proposals and just leave prop 3 it will temporarily break the tunnel connection correct?
Is the best way to do it just to do:
no crypto map out_map 1 set ikev2 ipsec-proposal prop1 prop2 aes256 prop3
crypto map out_map 1 set ikev2 ipsec-proposal prop3
Solved! Go to Solution.
08-23-2019 12:43 AM
08-24-2019 03:01 PM
you can just remove proposals which you dont need, just like this "no crypto map out_map 1 set ikev2 ipsec-proposal prop1 prop2 aes256" it should keep the prop3 as it is.
But make sure the tunnels don't use them just as @Rob Ingram said.
08-23-2019 12:43 AM
08-24-2019 03:01 PM
you can just remove proposals which you dont need, just like this "no crypto map out_map 1 set ikev2 ipsec-proposal prop1 prop2 aes256" it should keep the prop3 as it is.
But make sure the tunnels don't use them just as @Rob Ingram said.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide