cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1317
Views
0
Helpful
1
Replies

Question on IKE Policy Priorities + Connection Profiles

balldigy1982
Level 1
Level 1

I have a question in regards to setting up an IPSEC Site-To-Site tunnel.

In creation of the tunnel (either by going through the wizard or manually) there is a step to setup the IKE Proposal. From my understanding, this is a global priority list that is referenced between peers. However, I have many connection profiles setup between our ASA and multiple Vendors. Is there a way to specify the IKE Proposal by Connection Profile instead of by global priorities?

I have a scenario where the IKE Proposal is resulting in a 3des-sha encryption but both I and the vendor expect it to be setup using AES-128-sha.

If I were to change the global priority, would there be anything that would significantly break? Would changing the priority to have the 3des encryption with a higher number sever the connections that are currently using it?

Thanks

1 Reply 1

andduart
Level 1
Level 1

Hi,

You can define it under the connection profile, by using cli this will be under general-attributes ex. isakmp policy #

Regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: