cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

1078
Views
0
Helpful
1
Replies
Highlighted
Beginner

Question on IKE Policy Priorities + Connection Profiles

I have a question in regards to setting up an IPSEC Site-To-Site tunnel.

In creation of the tunnel (either by going through the wizard or manually) there is a step to setup the IKE Proposal. From my understanding, this is a global priority list that is referenced between peers. However, I have many connection profiles setup between our ASA and multiple Vendors. Is there a way to specify the IKE Proposal by Connection Profile instead of by global priorities?

I have a scenario where the IKE Proposal is resulting in a 3des-sha encryption but both I and the vendor expect it to be setup using AES-128-sha.

If I were to change the global priority, would there be anything that would significantly break? Would changing the priority to have the 3des encryption with a higher number sever the connections that are currently using it?

Thanks

Everyone's tags (5)
1 REPLY 1
Beginner

Question on IKE Policy Priorities + Connection Profiles

Hi,

You can define it under the connection profile, by using cli this will be under general-attributes ex. isakmp policy #

Regards,

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here