
ISAKMP SA showing different encryption than configured

Hi,

I have configured a site-to-site VPN with a client's firewall. We have mutually configured 3DES as encryption; however, when I checked the ISAKMP SA on my firewall, it shows AES-256 as encryption. The VPN is active and the traffic is passing through the VPN. I just wanted to know why it is showing AES-256 while 3DES is configured? Both ends have ASA firewalls. I have software 8.6(1)2 while the remote end has 8.3(2).


rizwanr74
Level 7

Hi Rahul,

For phase 1 ISAKMP, these parameters exist on both devices; at the time of the exchange, the ASAs will pick a proposal given by an ASA, assuming AES-256 encryption is defined for the phase 1 negotiation. If you choose not to use AES-256 encryption for phase 1 negotiation, the only way to force it is by removing the policy that contains the AES-256 encryption for phase 1.


Hope that answers your question.


Thanks

Rizwan Rafeek.
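
The proposal matching described in the reply, as an added example that is not part of the original thread and not Cisco's code: a simplified Python model that parses phase 1 policy blocks from two peers and reports which one gets selected. Both configurations are constructed, and the selection order (responder's priority order, lifetime ignored) is an assumption of the model.

```python
import re

# Constructed sample configs, not taken from the post. ASA 8.4 and later
# write "crypto ikev1 policy"; 8.3 writes "crypto isakmp policy".
LOCAL_CFG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
"""
REMOTE_CFG = LOCAL_CFG.replace("ikev1", "isakmp")

HEADER = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)$")
MATCH_KEYS = ("authentication", "encryption", "hash", "group")

def parse_policies(cfg):
    """Return phase 1 policies sorted by priority (lowest number first)."""
    policies, current = [], None
    for line in cfg.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = {"priority": int(header.group(1))}
            policies.append(current)
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # left the policy block
    return sorted(policies, key=lambda p: p["priority"])

def negotiate(initiator, responder):
    """Simplified model: the responder walks its policies in priority order
    and accepts the first that equals any offered proposal on MATCH_KEYS."""
    for mine in responder:
        for offer in initiator:
            if all(mine.get(k) == offer.get(k) for k in MATCH_KEYS):
                return mine
    return None

if __name__ == "__main__":
    local, remote = parse_policies(LOCAL_CFG), parse_policies(REMOTE_CFG)
    print(negotiate(local, remote)["encryption"])      # both peers hold AES-256
    print(negotiate(local[1:], remote)["encryption"])  # AES-256 policy removed
```

Running the same comparison against the real `show running-config` output from both peers shows every phase 1 policy the two sides share, which is the set to prune when only one cipher should be negotiable.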
