
Router Ipsec Transform Sets help - How many algorithms can I use?

paulchester83
Level 1

Hi

We are currently running a bunch of DMVPNs (currently using PSK) into one of our DCs. This DC is about to close and we are migrating the DMVPNs over to our newer DC.

The problem I have is that in the new DC the head end is a 4000 series router and the site connecting is an old hat 877.

 

On the newer head end we use certs and 512 IPsec algorithm: 

 

crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha512-hmac
mode transport

 

But the 877 does not support this, the max it will do is: 

crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha-hmac

 

So the question: can I add esp-sha-hmac on to the end of my head end transform set so in theory it would look like the following:

crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha512-hmac esp-sha-hmac

 

and hopefully would allow the VPN to establish for routers using esp-sha512-hmac & esp-sha-hmac.

In my head I should be able to do this, as the inline help looks like it gives me that option, but I've never implemented it before and I'm concerned it may drop all the other DMVPNs should I do this. We will be replacing the 877 with a newer model, but with the DC closing at the end of August, needs must and we have to move as it is, and I want a catch-all policy in case there are other routers with the same issue.

 

Many Thanks

Paul C
