Solved: Re: cisco 897VA-M-K9 supported encryption modes

francisco.j.romao · ‎03-15-2021

HI,

According with datasheet Cisco 800 series has:

Hardware-accelerated DES, 3DES, AES 128, AES 192, and AES 256

I need to change existing 3DES encryption to AES256.

When I try to configure transform-set this are the options I get:

ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
ah-sha256-hmac AH-HMAC-SHA256 transform
ah-sha384-hmac AH-HMAC-SHA384 transform
ah-sha512-hmac AH-HMAC-SHA512 transform
comp-lzs IP Compression using the LZS compression algorithm
esp-3des ESP transform using 3DES(EDE) cipher (168 bits)
esp-aes ESP transform using AES cipher
esp-des ESP transform using DES cipher (56 bits)
esp-gcm ESP transform using GCM cipher
esp-gmac ESP transform using GMAC cipher
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-null ESP transform w/o cipher
esp-seal ESP transform using SEAL cipher (160 bits)
esp-sha-hmac ESP transform using HMAC-SHA auth
esp-sha256-hmac ESP transform using HMAC-SHA256 auth
esp-sha384-hmac ESP transform using HMAC-SHA384 auth
esp-sha512-hmac ESP transform using HMAC-SHA512 auth

Can't find useful info on Cisco feature navigator anymore

TIA

FRancisco

Rob Ingram · ‎03-15-2021

@francisco.j.romao

This is what you want "esp-aes ESP transform using AES cipher", it should allow you to define 256, 192 when you come to configure it.

FYI, this "esp-gcm ESP transform using GCM cipher" - is more secure.

View solution in original post

Rob Ingram · ‎03-15-2021

@francisco.j.romao

This is what you want "esp-aes ESP transform using AES cipher", it should allow you to define 256, 192 when you come to configure it.

FYI, this "esp-gcm ESP transform using GCM cipher" - is more secure.

francisco.j.romao · ‎03-16-2021

Thats it. Thank you very much.