Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
62
Views
0
Helpful
2
Replies

does IOS XE 17.12.3a support ISAKMP group 5 ?

Ramiro Beltran
Level 1
Level 1

‎10-11-2024 11:20 AM

I have a C8500-20X6C running version 17.12.3a and I want to config a IPSec tunnel with ISAKMP group 5, but looks like it is only supporting the bellow DF groups:

Router(config-isakmp)#group ?
14 Diffie-Hellman group 14 (2048 bit)
15 Diffie-Hellman group 15 (3072 bit)
16 Diffie-Hellman group 16 (4096 bit)
19 Diffie-Hellman group 19 (256 bit ecp)
20 Diffie-Hellman group 20 (384 bit ecp)
21 Diffie-Hellman group 21 (521 bit ecp)

do you know if there is some workaround to support the group 5  in this version ?

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎10-11-2024 11:24 AM

@Ramiro Beltran DH group 5 has been depreciated because it is weak and no longer secure. You should really use a more secure DH group such as 20 or 21, if you really must use DH group 5 then you would have to downgrade the IOS-XE version, although not recommended.

0 Helpful

MHM Cisco World
VIP
VIP

‎10-11-2024 11:36 AM

No it not support' if you use this router as spoke' then try add another policy in hub support new dh groups

MHM

0 Helpful
Customers Also Viewed These Support Documents