Solved: IPSEC SA Algorithm how many bit?

alberto-pesce · ‎07-22-2015

Hi all,

how many bit for the IPSEC SA Algorithm on the ASA Version 8.2(1) ?

esp-md5-hmac

esp-sha-hmac

Best Regards

Alp

Karsten Iwen · ‎07-22-2015

It's 96 Bit based on RFC2403/2404.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

Karsten Iwen · ‎07-22-2015

It's 96 Bit based on RFC2403/2404.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Karsten Iwen · ‎07-22-2015

Perhaps important to add: If you use modern equipment you can run IKEv2 where more modern integrity algorithms are specified like SHA256.

(Theoretical it could also be used by older gear implementing IKEv1/IPSec, but at least for the ASA it's not done).

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Douglas Holmes · ‎07-22-2015

Need version 9 or above to run more advanced encryption and ikev2. Can't use a sha256 hash with the older ASA models only the "X" models or above. Best you can do is aes256-cbc with sha1 or md5 and of course no hash at all with the older devices.