
Two VPN SiteTOSite with different Encryption Algo

foued kh
Level 1

Hi Team,

I have a site-to-site connection to another site of our office with the encryption algorithm IKE Policy:

- Authentication : pre-share

- encryption : aes-192

- DH : 2

 

I have to add a new site-to-site connection to another site, but this time the customer on the other side has sent me the encryption algorithm IKE Policy:

- Authentication : pre-share

- encryption : aes-256

- DH : 5

 

So, I created the new connection and suddenly the first connection is down. After checking, I found that the DH of the first connection has changed to DH : 5.

Is there any solution, please?

 

regards,


5 Replies

Hi, what hardware is this on? Cisco ASA or router?
Please upload the configuration on the device that is already working and an example of what you added/changed.

Thank you for responding,

In fact, I work with an ASA5515-x.
The existing VPN STS is as below:

 

111.png

The IKE Policy credentials are:

111.png

The second VPN STS that I have to add is as below:

111.png

Regards,

Your first screenshot only shows there to be 1 IKE policy, can you confirm that both IKEv1 policies are assigned?

 

What is the output from the CLI? There should be at least 2 IKEv1 policies, one with Group 2 and the other with Group 5.

 

crypto ikev1 policy 5
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400

 

crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

 

Thank you for your feedback, Sir.
I have resolved the problem by adding the two IKEv1 policies; the CLI show command is as below:

crypto ikev1 policy 1
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 2
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

 

The two VPN connections are up now after adding the two IKEv1 policies in the same field:

 

111.PNG

 

Regards,

The commands you entered via ASDM are the same as the CLI commands I provided, just a different way of inputting into the ASA.

Glad I could assist in helping you resolve this!
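
Added example, not part of the thread and not Cisco code: on the ASA the `crypto ikev1 policy` entries form one global list rather than per-tunnel settings, so each peer's proposal has to agree with some entry in that list. The Python sketch below parses the policy blocks shown in the thread and reports which policy each peer would match, before and after the fix. The peer names, the "before" configuration, the use of `hash sha` for both peers, and ignoring `lifetime` in the comparison are assumptions made for the illustration.

```python
import re

# Constructed input: the two policies from the CLI output posted in the thread.
TWO_POLICIES = """\
crypto ikev1 policy 1
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 2
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
"""
# Constructed "before" state: one policy only, with its DH group changed to 5.
ONE_POLICY = TWO_POLICIES.split("crypto ikev1 policy 2")[0].replace("group 2", "group 5")
# Peer requirements from the question; "hash sha" is assumed from the CLI output.
PEERS = {
    "office":   {"authentication": "pre-share", "encryption": "aes-192", "hash": "sha", "group": "2"},
    "customer": {"authentication": "pre-share", "encryption": "aes-256", "hash": "sha", "group": "5"},
}

def parse_ikev1_policies(config):
    """Return {priority: {attribute: value}} for every 'crypto ikev1 policy N' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto ikev1 policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" ") and len(line.split()) == 2:
            key, value = line.split()
            current[key] = value
        else:
            current = None  # any other line ends the policy block
    return policies

def matching_policy(policies, proposal):
    """Lowest-numbered policy agreeing with every proposed attribute (lifetime not compared)."""
    hits = (n for n in sorted(policies)
            if all(policies[n].get(k) == v for k, v in proposal.items()))
    return next(hits, None)

def check_peers(config, peers=PEERS):
    """Map each peer name to the policy number it would match (None = no match)."""
    policies = parse_ikev1_policies(config)
    return {name: matching_policy(policies, p) for name, p in peers.items()}
```

Calling `check_peers(ONE_POLICY)` shows the office peer with no matching policy, while `check_peers(TWO_POLICIES)` gives each peer its own policy number.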