05-25-2011 03:35 PM
ASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
Thanks.
Solved! Go to Solution.
05-25-2011 06:05 PM
Hi,
IKE policies are defined globally on the ASA, there is no way to apply policy 1 to one connection and policy b to another.
You could remove all of the polciies except pre-share-aes-256-sha.
This could cause a problem in that other VPN connections might need one of the remove policies to connect.
Hope this helps.
Thanks,
Loren
05-25-2011 06:05 PM
Hi,
IKE policies are defined globally on the ASA, there is no way to apply policy 1 to one connection and policy b to another.
You could remove all of the polciies except pre-share-aes-256-sha.
This could cause a problem in that other VPN connections might need one of the remove policies to connect.
Hope this helps.
Thanks,
Loren
05-26-2011 07:13 AM
Thank you.
Is there a mechanism to assign your answer points as is often the case in other forums?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide