07-28-2018 12:20 PM - edited 03-12-2019 05:28 AM
Hi,
We are trying to establish site to site VPN with one of our partner network we were able to establish VPN connectivity by using only 3DES encryption method when we try to use AES-256 tunnel is not getting established. At our end we are using ASR1002-x at the partner end they are using Juniper SRX .
Cisco no longer recommend to use 3DES when we try to use AES it is not working. Is there is any compatible issue between these devices to use AES or we can try with IKEv2 along with AES- CBC or GCM encryption methods and will it support between Cisco ASR and Juniper SRX.
Please suggest on this situation. If no other way then whether we need to go with 3DES only.
Thanks in Advance.
07-29-2018 10:23 AM
Hey Abushayeed,
Please find the relevant doc for IOS-XE NGE Product technote: NGE Support.
There should not be any problem with AES-256 as there are no compatibility issues on this matter.
Attach isakmp and ipsec debugs if possible.
07-29-2018 12:25 PM
Thanks for the reply. As we had already established the tunnel we need some down time to perform the change and debug.
Is there any other criteria do we need to follow like DH group life time etc in crypto configuration.
Could you please let me know what are all the other details required for trouble shooting.
07-29-2018 05:49 PM
07-30-2018 12:02 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide