cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
697
Views
0
Helpful
0
Replies
Beginner

Is there any possibilty to disable PRF function in IKE V2,0

Hi all,

I was wondering whether the above is possible at all, I created a policy under the ikev2 and without any options filled in I can see prf is by default set to sha

even though I disable this (per no prf sha), it still select this as a default. so to my understanding this is not possible under ASA/router. am I correct is stating this.

the reason to disable this under checkpoint device this is not available

KEv2-PROTO-5: (97): Failed to verify the proposed policies
IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Received Policies:
Proposal 1: AES-CBC-256 Unknown - 56 SHA384 DH_GROUP_2048_MODP/Group 14

IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97): Expected Policies:
Proposal 1: AES-CBC-256 SHA384 SHA384 DH_GROUP_2048_MODP/Group 14

Proposal 2: AES-CBC-256 SHA256 SHA384 DH_GROUP_2048_MODP/Group 14

Proposal 3: AES-CBC-256 SHA1 SHA384 DH_GROUP_2048_MODP/Group 14

IKEv2-PROTO-1: (97): Failed to find a matching policy
IKEv2-PROTO-1: (97):

I guess TAC would say the something which just mentioned!!

thanks in advance

Lance

Everyone's tags (1)