Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
205
Views
2
Helpful
3
Replies

does IOS XE 17.12.3a support ISAKMP group 5 ?

Go to solution
Ramiro Beltran
Level 1
Level 1

‎10-11-2024 11:20 AM

I have a C8500-20X6C running version 17.12.3a and I want to config a IPSec tunnel with ISAKMP group 5, but looks like it is only supporting the bellow DF groups:

Router(config-isakmp)#group ?
14 Diffie-Hellman group 14 (2048 bit)
15 Diffie-Hellman group 15 (3072 bit)
16 Diffie-Hellman group 16 (4096 bit)
19 Diffie-Hellman group 19 (256 bit ecp)
20 Diffie-Hellman group 20 (384 bit ecp)
21 Diffie-Hellman group 21 (521 bit ecp)

do you know if there is some workaround to support the group 5  in this version ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ramiro Beltran
Level 1
Level 1

‎10-11-2024 02:40 PM

Thank you All for your answers. 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎10-11-2024 11:24 AM

@Ramiro Beltran DH group 5 has been depreciated because it is weak and no longer secure. You should really use a more secure DH group such as 20 or 21, if you really must use DH group 5 then you would have to downgrade the IOS-XE version, although not recommended.

Go to solution
MHM Cisco World
VIP
VIP

‎10-11-2024 11:36 AM

No it not support' if you use this router as spoke' then try add another policy in hub support new dh groups

MHM

Go to solution
Ramiro Beltran
Level 1
Level 1

‎10-11-2024 02:40 PM

Thank you All for your answers. 

 

0 Helpful
Customers Also Viewed These Support Documents