I'm trying to put a IOS XE router in two different FlexVPNs whose proposals not intersecting. The router has one WAN interface with one public IP so I can't distinguish policies by IP or VRF. Is it possible to configure different proposals for each neighbour in this case?
Solved! Go to Solution.
The IKE proposals are not tied to specific peers. So you can just define multiple algorithms and the peers will negotiate, obviously there needs to be at least one common proposal.
There is my network where I don't want to permit weaker ciphers, I'm configuring the hub. I need to connect to foreign network which permits DES. I'd like to receive AES encrypted traffic from my network and route it to foreign network encrypted with DES. I know that proposals are ordered, I have read IKEv2 documentation but hoped there is a way to distinguish between neighbours using only one IP.