04-11-2021 04:09 AM - edited 04-11-2021 04:22 AM
Hello Expert,
I have a copy of c890-universalk9-mz.158-3.M6.bin ios image and would like to install same on C892FSP model router.
Could this be done the reason I am updating IOS is allow me to use dh group 14 the current version has group DH 5 as the highest.
I am required to create a IPSEC vpn connection (third party uses group DH14 ) to a third party Palo Alto device once the vpn tunnel is up and running successfully mission is accomplish.
Thanks
Regards
04-11-2021 09:13 AM
Get - c800-universalk9-mz.SPA.158-3.M6.bin image from cisco for the device to work.
15.7.X onwards support DH 15.
04-13-2021 10:43 AM
04-13-2021 01:02 PM
If the update to 158-3 was successful then the router should support the more secure levels of DH. I believe that now you are encountering a limitation of SDM. I am not sure of a way to solve this limitation. You could check and see if a newer version of SDM is available and if so whether it supports the more secure level of DH. I am not optimistic that this will be successful. The other option would be to configure the vpn using CLI, which should certainly allow you to specify DH 14.
04-14-2021 11:52 AM
Can you post-show version to understand the issue along with what License you have ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide