03-24-2020 08:06 PM
How can I tell if may ASA 5525-X supports the following:
hmac-sha2-256
hmac-sha2-384
hmac-sha2-512
and if it does how do I enable it. My software ver is :
Cisco Adaptive Security Appliance Software Version 9.7(1)24
03-24-2020 09:02 PM
For IKEv2 you can configure the HMAC-SHA2 variants:
IKEv1 is limited to SHA/HMAC-160 (or MD5/HMAC-128)
03-25-2020 12:33 AM
Hi,
Whatever is part of the Suite B (Next Generation Algorithms), including what you're asking for, is only supported on the ASA for IPsec tunnels build over IKEv2, so not for IPsec tunnel over IKEv1. With IKEv2 IPsec tunnels, you can use the Suite B algorithms for both the IKEv2 and IPsec tunnel (or only for one, you choose), while with IKEv1 IPsec tunnels, you can't use Suite B algorithms for IKEv1 or IPsec tunnel.
Regards,
Cristian Matei.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: