I appreciate the info on newer DH groups for ASA. I also find the following IBM document helpful:
IBM z/OS IPSec Documentation - quote from article follows
"Guideline: If you are using encryption or authentication algorithms with a 128-bit key, use D...
Hello Andre, this is a confirmed issue with Cisco. There is an official bug listed as "ENH: Multiple Peers support for IKEv2 CSCud22276" (Cisco customer login required to view bug). See also the Cisco TAC Document "Migration of IKEv1 to IKEv2 L2L Tun...
I found this limitation listed in the Cisco documentation.Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.1 - Configuring IPSec and ISAKMP - Creating a Basic IPsec Configuration - Note at end of Step 2:"... SHA-256 ... can also be used for ES...