Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4701
Views
25
Helpful
2
Replies

diffie-hellman groups supports in version 6.7

Go to solution
support040
Level 1
Level 1

‎01-28-2021 05:13 AM

Hi,

I need a simple Answer please ...

all release Notes tells us some DH groups not supported in FTD version 6.7

 

 

Please give me a simple answer:

 

WHICH DH groups WILL support in FTD version 6.7 for IKE v1 and V2 for Phase 1 and 2 ????

 

thanks for your clear answer 

Ashkan

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-28-2021 05:19 AM

@support040 

The following DH groups are supported from FTD 6.7:- 14,15, 16, 19, 20 and 21

FTD 6.7 removed support for:- 2, 5 and 25

 

HTH

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2021 05:47 AM

So...

"If you are still using these features in IKE proposals or IPsec policies, change and verify your VPN configuration before you upgrade."

If you don't do that, the upgrade will break them.

Note that ASA 9.15 similarly removes support for DH groups 2 and 24 (as well as some less-secure encryption algorithms and hashes).

https://www.cisco.com/c/en/us/td/docs/security/asa/asa915/release/notes/asarn915.html#id_25471

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎01-28-2021 05:19 AM

@support040 

The following DH groups are supported from FTD 6.7:- 14,15, 16, 19, 20 and 21

FTD 6.7 removed support for:- 2, 5 and 25

 

HTH

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2021 05:47 AM

So...

"If you are still using these features in IKE proposals or IPsec policies, change and verify your VPN configuration before you upgrade."

If you don't do that, the upgrade will break them.

Note that ASA 9.15 similarly removes support for DH groups 2 and 24 (as well as some less-secure encryption algorithms and hashes).

https://www.cisco.com/c/en/us/td/docs/security/asa/asa915/release/notes/asarn915.html#id_25471

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card