Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
1
Replies

How to change Phase 1 policy for a Site to site VPN.

prashantrecon
Level 1
Level 1

‎03-26-2012 09:51 PM - edited ‎03-11-2019 03:47 PM

Hi,

i have a site to site vpn.

It,s phase 1 policy is currently  3des and sha(policy no 20)

now i want to change the phase 1 policy of this site to site vpn .

I have multiple phase 1 policy .

i want to change to policy 10 (AES sha).

How can i do it USING CLI or ASDM.

Regards,

Prashant

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎03-26-2012 10:33 PM

Hi,

To my understanding you can't choose a certain Phase1 parameters for the VPN connection. (Atleast I'm under the impression. If it's possible I would be interested too)

What you can change though is the order of your ISAKMP policys. As you have mentioned

The smaller the sequence number, the higher on the list it should be. When your ASA starts negotiation with another peer it should offer the first policy or compare the peers "suggestion" to your first policy.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card