How to define specific IKE proposal for specific L2L tunnel?

miketallman
Level 1

ASA 5520 running 8.0.4

ASDM v.6.1

Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?

The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.

I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.

Thanks.

Accepted Solutions

Loren Kolnes
Cisco Employee

Hi,

IKE policies are defined globally on the ASA; there is no way to apply policy 1 to one connection and policy b to another.

You could remove all of the policies except pre-share-aes-256-sha.

This could cause a problem in that other VPN connections might need one of the removed policies to connect.

Hope this helps.

Thanks,

Loren
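An added example, not part of the original thread and not Cisco code: because the IKE policies are global, it helps to list every policy other than pre-share-aes-256-sha before removing any, since each one is offered to all L2L peers. The sample config is constructed; the stanza layout and the authentication-encryption-hash naming of ASDM proposals are assumptions.

```python
import re

# Constructed sample in the shape of `show running-config crypto isakmp`
# output (priorities and values are made up for illustration).
SAMPLE_CONFIG = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash md5
 group 5
"""

def parse_ike_policies(config):
    """Return {priority: {attribute: value}} for each global IKE policy."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # any other top-level line ends the stanza
    return policies

def proposal_name(attrs):
    """Build the ASDM-style name (assumed form), e.g. pre-share-aes-256-sha."""
    return "-".join(attrs.get(k, "?") for k in ("authentication", "encryption", "hash"))

def policies_outside(config, keep="pre-share-aes-256-sha"):
    """List (priority, name) of every global policy that is not `keep`."""
    return [(prio, proposal_name(a))
            for prio, a in sorted(parse_ike_policies(config).items())
            if proposal_name(a) != keep]

if __name__ == "__main__":
    print(policies_outside(SAMPLE_CONFIG))
```

Each entry in the result is a candidate for removal only after confirming that no other tunnel's peer depends on it.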

Thank you.

Is there a mechanism to assign your answer points as is often the case in other forums?