Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1692
Views
0
Helpful
0
Replies

Is there any possibilty to disable PRF function in IKE V2,0

Lance Wendel
Level 1
Level 1

‎06-13-2017 05:35 AM

Hi all,

I was wondering whether the above is possible at all, I created a policy under the ikev2 and without any options filled in I can see prf is by default set to sha

even though I disable this (per no prf sha), it still select this as a default. so to my understanding this is not possible under ASA/router. am I correct is stating this.

the reason to disable this under checkpoint device this is not available

KEv2-PROTO-5: (97): Failed to verify the proposed policies
IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Received Policies:
Proposal 1: AES-CBC-256 Unknown - 56 SHA384 DH_GROUP_2048_MODP/Group 14

IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Expected Policies:
Proposal 1: AES-CBC-256 SHA384 SHA384 DH_GROUP_2048_MODP/Group 14

Proposal 2: AES-CBC-256 SHA256 SHA384 DH_GROUP_2048_MODP/Group 14

Proposal 3: AES-CBC-256 SHA1 SHA384 DH_GROUP_2048_MODP/Group 14

IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97):

I guess TAC would say the something which just mentioned!!

thanks in advance

Lance

6 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents