Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3716
Views
5
Helpful
5
Replies

ASA 5520 with version 8.2(5) SHA-256 on ikeV1

suaim.latheef
Level 1
Level 1

‎08-01-2017 11:01 PM

Hi,

i have an requirement to create site to site vpn with ikeV1 hash SHA-256 with Group - 14 which version of ASA image will support in my ASA 5520?

PHASE  1 Exchange Mode Main
Authentication Method Pre-shared Key
Encryption AES-256
Hash SHA-256
Diffie-Hellman Group Group 14 (2048 bit)
Lifetime (Seconds) 86400
   

Suaim.

Labels:
0 Helpful
5 Replies 5

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎08-01-2017 11:18 PM

Hi,

I do not think ASA supports group 14 for Ikev1.

There is an enhancement filed for the same:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv51888/?referring_site=bugquickviewredir

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

Karsten Iwen
VIP
VIP

‎08-02-2017 02:35 AM

You have to move to IKEv2 if you want to use more modern crypto on the ASA. There you could use the above mentioned algorithms for the IKE-SA. But for the IPsec-SAs you still are bound to the legacy crypto. For IKEv2 you have to upgrade your ASA to at least 8.4.

suaim.latheef
Level 1
Level 1
In response to Karsten Iwen

‎08-02-2017 02:35 AM

thanks Karsten.

0 Helpful

Karsten Iwen
VIP
VIP
In response to suaim.latheef

‎08-02-2017 03:51 AM

And remember that your ASA version has reached end of SW-Maintenance. You are putting your company at risk if you don't update.

0 Helpful

suaim.latheef
Level 1
Level 1
In response to Karsten Iwen

‎08-02-2017 05:32 AM

we are going to replace the device.

0 Helpful
Customers Also Viewed These Support Documents