
ASA 5516-X IPSec VPN tunnel with Sonicwall NSA 3600 SHA256 SHA-256

RANT
Level 1

So I'm trying to get an IKEv2 tunnel working between my ASA 5516-X running 9.12(4)48 code and a Sonicwall SA3600. We couldn't get an IKEv2 tunnel working AT ALL!! They don't have a PRF selection, and I tried almost everything with no luck.

We finally built an IKEv1 tunnel. P1 AES256-SHA1 DH5, P2 AES256-SHA1 PFS DH5.

My question is this: why is SHA256 not supported in an IKEv1 tunnel?!?! Seems to me that a company making security appliances would want to better secure data through better encryption techniques. The guy at the other end could configure SHA256 for an IKEv1 IPsec tunnel.

2 Replies

The same is possible on the IOS platform. IMO it's just a business decision not to implement the newer algorithms on IKEv1.

Initially you say there is no PRF section. Then it is likely that the Sonicwall defaults to the same algorithm as is used for integrity.

Do you have debugs from your tests? If you tried almost everything, it could be that you just missed the one setting that works.

I did set the hash and prf settings to the same (SHA256), and still couldn't get the IKEv2 tunnel to negotiate. Fell back to an IKEv1 config due to operational needs.