Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2918
Views
70
Helpful
5
Replies

cisco asa 5516-X version 9.x support AES-GCM

Go to solution
m.petrov1
Level 1
Level 1

‎02-24-2022 04:03 AM

Hi,

I want to know if cisco asa 5516-X version 9.x support for IPsec encryption with AES-GCM and IPsec integrity with SHA-256, SHA-384 or SHA-512 for S2S VPN with Azure.

2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-24-2022 04:07 AM - edited ‎02-24-2022 04:20 AM

@m.petrov1 yes, the ASA 5516-X supports it, you will need to use IKEv2 though. From memory it was introduced in 8.x, so if you are running 9.x you should be fine.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-ike.html

 

View solution in original post

Go to solution
Rob Ingram
VIP
VIP
In response to m.petrov1

‎02-24-2022 04:23 AM - edited ‎02-24-2022 04:24 AM

@m.petrov1 the information you provided refers to the older ASA model hardware, the 5516-X supports IKEv2 so you can use those algorithms.

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-24-2022 04:06 AM

Look at the relases and features :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
m.petrov1
Level 1
Level 1
In response to balaji.bandi

‎02-24-2022 04:19 AM

Thanks, but I found this information on site of Microsoft Azure for Cisco ASA:
Support for IPsec Encryption with AES-GCM and IPsec Integrity with SHA-256, SHA-384, or SHA-512, requires ASA version 9.x. This support requirement applies to newer ASA devices. At the time of publication, ASA models 5505, 5510, 5520, 5540, 5550, and 5580 do not support these algorithms. Consult your VPN device specifications to verify the algorithms that are supported for your VPN device models and firmware versions.

My cisco ASA is version 9.8(2).

Go to solution
Rob Ingram
VIP
VIP
In response to m.petrov1

‎02-24-2022 04:23 AM - edited ‎02-24-2022 04:24 AM

@m.petrov1 the information you provided refers to the older ASA model hardware, the 5516-X supports IKEv2 so you can use those algorithms.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to m.petrov1

‎02-24-2022 05:46 AM

yes it support the version i have provided for your models

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Rob Ingram
VIP
VIP

‎02-24-2022 04:07 AM - edited ‎02-24-2022 04:20 AM

@m.petrov1 yes, the ASA 5516-X supports it, you will need to use IKEv2 though. From memory it was introduced in 8.x, so if you are running 9.x you should be fine.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-ike.html

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card