08-01-2017 11:01 PM
Hi,
I have a requirement to create a site-to-site VPN with IKEv1, hash SHA-256, and Group 14. Which version of the ASA image will support this on my ASA 5520?
PHASE 1
Exchange Mode | Main
Authentication Method | Pre-shared Key
Encryption | AES-256
Hash | SHA-256
Diffie-Hellman Group | Group 14 (2048 bit)
Lifetime (Seconds) | 86400
Suaim.
08-01-2017 11:18 PM
Hi,
I do not think the ASA supports group 14 for IKEv1.
There is an enhancement filed for the same:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv51888/?referring_site=bugquickviewredir
Regards,
Aditya
Please rate helpful and mark correct answers
08-02-2017 02:35 AM
You have to move to IKEv2 if you want to use more modern crypto on the ASA. There you could use the above-mentioned algorithms for the IKE-SA. But for the IPsec-SAs you are still bound to the legacy crypto. For IKEv2 you have to upgrade your ASA to at least 8.4.
08-02-2017 02:35 AM
Thanks, Karsten.
08-02-2017 03:51 AM
And remember that your ASA version has reached end of SW-Maintenance. You are putting your company at risk if you don't update.
08-02-2017 05:32 AM
We are going to replace the device.