cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
556
Views
0
Helpful
4
Replies
jomo frank
Beginner

Installing c890-universalk9-mz.158-3.M6.bin on C892FSP model router

Hello Expert,

 

 I have a copy of c890-universalk9-mz.158-3.M6.bin ios image and would like to install same on C892FSP model router.

Could this be done the reason I am updating IOS is allow me to use dh group 14 the current version has group DH 5 as the highest.

I am required to create  a IPSEC vpn connection (third party uses group DH14 ) to a third party Palo Alto device once the vpn tunnel is up and running successfully mission is accomplish.

 

 

Thanks

 

Regards

4 REPLIES 4
balaji.bandi
VIP Master

Get - c800-universalk9-mz.SPA.158-3.M6.bin image from cisco for the device to work.

 

15.7.X onwards support DH 15.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

jomo frank
Beginner

Hello Balaji,

 

I installed the correct image but I using SDM to fo do my configuration.

I not seeing DH14 showing only up to DH 5.

how can I configure ike v2 to make DH 14 visible.

 

Could please assist with the Ike v2 configuration

 

Regards

 

 

 

If the update to 158-3 was successful then the router should support the more secure levels of DH. I believe that now you are encountering a limitation of SDM. I am not sure of a way to solve this limitation. You could check and see if a newer version of SDM is available and if so whether it supports the more secure level of DH. I am not optimistic that this will be successful. The other option would be to configure the vpn using CLI, which should certainly allow you to specify DH 14.

 

HTH

Rick

Can you post-show version to understand the issue along with what License you have ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help