Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3826
Views
0
Helpful
3
Replies

ASA 5500 SHA-256

Julio_Lapaca
Level 1
Level 1

‎09-18-2018 12:25 PM - edited ‎03-12-2019 05:30 AM

Hello,

        I am searching for SHA-256 support in IPSEC VPN site to site for the Cisco ASA , what is the supported model/software as i can't see it in the available hashing algorithms in ASA 5500.

 

Thanks,

Julio César

Labels:
0 Helpful
3 Replies 3

Roy Harrington
Cisco Employee
Cisco Employee

‎09-20-2018 04:48 PM

Ikev2 on 5500 series cannot use sha256 this is a hardware limitation due to the architecture of the CPU. You can also see the limitation listed here :

 

 https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_ike.html#pgfId-1042794

 

“SHA-256 can be used for integrity and PRF to establish IKEv2 tunnels, but it can also be used for ESP integrity protection on the newer ASA platforms (and not 5505, 5510, 5520, 5540, or 5550).”

0 Helpful

Julio_Lapaca
Level 1
Level 1
In response to Roy Harrington

‎09-22-2018 01:43 PM

thanks Roy

 

one more question: And with ikev1 you can not use sha256 either?

0 Helpful

Julio_Lapaca
Level 1
Level 1

‎09-22-2018 01:41 PM

thanks Roy

 

one more question: And with ikev1 you can not use sha256 either?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents