10-11-2024 11:20 AM
I have a C8500-20X6C running version 17.12.3a and I want to configure an IPSec tunnel with ISAKMP group 5, but it looks like it only supports the DH groups below:
Router(config-isakmp)#group ?
14 Diffie-Hellman group 14 (2048 bit)
15 Diffie-Hellman group 15 (3072 bit)
16 Diffie-Hellman group 16 (4096 bit)
19 Diffie-Hellman group 19 (256 bit ecp)
20 Diffie-Hellman group 20 (384 bit ecp)
21 Diffie-Hellman group 21 (521 bit ecp)
Do you know if there is some workaround to support group 5 in this version?
10-11-2024 11:24 AM
@Ramiro Beltran DH group 5 has been deprecated because it is weak and no longer secure. You should really use a more secure DH group such as 20 or 21. If you really must use DH group 5, then you would have to downgrade the IOS-XE version, although that is not recommended.
10-11-2024 11:36 AM
No, it is not supported. If you use this router as a spoke, then try adding another policy on the hub that supports the new DH groups.
MHM
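Added example, not part of the thread or any Cisco tooling: a small pre-migration check that reads a peer's `crypto isakmp policy` blocks and reports which ones can still negotiate with a router limited to the DH groups listed in the `group ?` output above. The function names and the sample configuration are constructed for illustration; a policy without an explicit `group` line is reported for manual review rather than assumed to have any default.

```python
import re

# DH groups offered by "group ?" on the C8500 running 17.12.3a, as listed in the thread.
SUPPORTED_GROUPS = {14, 15, 16, 19, 20, 21}

# Constructed sample of a peer (hub) configuration; not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp policy 20
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp policy 30
 encryption aes
 authentication pre-share
!
"""

def audit_isakmp_policies(config_text):
    """Return {priority: group or None} for each ISAKMP policy in the text."""
    policies = {}
    current = None
    for line in config_text.splitlines():
        header = re.match(r"^crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = int(header.group(1))
            policies[current] = None  # no explicit group line seen yet
        elif current is not None and line.startswith(" "):
            group = re.match(r"^\s+group (\d+)\s*$", line)
            if group:
                policies[current] = int(group.group(1))
        else:
            current = None  # left the policy sub-block
    return policies

def negotiable_policies(policies):
    """Priorities whose explicit DH group the 17.12.3a router also offers."""
    return sorted(p for p, g in policies.items() if g in SUPPORTED_GROUPS)

def needs_review(policies):
    """Priorities with an unsupported group or no explicit group line."""
    return sorted(p for p, g in policies.items() if g not in SUPPORTED_GROUPS)

if __name__ == "__main__":
    found = audit_isakmp_policies(SAMPLE_CONFIG)
    print("usable:", negotiable_policies(found), "review:", needs_review(found))
```

If `negotiable_policies` comes back empty for a peer, that peer needs an additional policy with one of the supported groups before the tunnel to the new router can come up.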