Hi all,
I was wondering whether the above is possible at all, I created a policy under the ikev2 and without any options filled in I can see prf is by default set to sha
even though I disable this (per no prf sha), it still select this as a default. so to my understanding this is not possible under ASA/router. am I correct is stating this.
the reason to disable this under checkpoint device this is not available
KEv2-PROTO-5: (97): Failed to verify the proposed policies
IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Received Policies:
Proposal 1: AES-CBC-256 Unknown - 56 SHA384 DH_GROUP_2048_MODP/Group 14
IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Expected Policies:
Proposal 1: AES-CBC-256 SHA384 SHA384 DH_GROUP_2048_MODP/Group 14
Proposal 2: AES-CBC-256 SHA256 SHA384 DH_GROUP_2048_MODP/Group 14
Proposal 3: AES-CBC-256 SHA1 SHA384 DH_GROUP_2048_MODP/Group 14
IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97):
I guess TAC would say the something which just mentioned!!
thanks in advance
Lance