SHA version supported on Cisco IOS

sjhamb
Cisco Employee

Guys,

What is the SHA version that we support on Cisco IOS VPN capable devices? Configuration options just say SHA.

I would appreciate it if you could also point me to a Cisco document to support your theory, as the customer would require this.

Thanks in advance.

Accepted Solutions

IAN WHITMORE
Level 4

hash (IKE policy)

To specify the hash algorithm within an Internet Key Exchange policy, use the hash command in Internet Security Association Key Management Protocol (ISAKMP) policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. To reset the hash algorithm to the default secure hash algorithm (SHA)-1 hash algorithm, use the no form of this command.

hash {sha | sha256 | sha384 | md5}

no hash

Syntax Description

| Keyword | Description |
|---------|-------------|
| sha | Specifies SHA-1 (HMAC variant) as the hash algorithm. |
| sha256 | Specifies SHA-2 family 256-bit (HMAC variant) as the hash algorithm. |
| sha384 | Specifies SHA-2 family 384-bit (HMAC variant) as the hash algorithm. |
| md5 | Specifies MD5 (HMAC variant) as the hash algorithm. |

Defaults

The SHA-1 hash algorithm

Command Modes

ISAKMP policy configuration

Command History

| Release | Modification |
|---------|--------------|
| 11.3 T | This command was introduced. |
| 12.4(4)T | IPv6 support was added. |
| 12.2(33)SRA | This command was integrated into Cisco IOS release 12.(33)SRA. |
| 12.2SX | This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
| Cisco IOS XE Release 2.1 | This command was introduced on Cisco ASR 1000 Series Routers. |
| 15.1(2)T | This command was modified. The sha256 and sha384 keywords were added. |

Of course, it depends slightly on your IOS.
HTH,
Ian
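
An added example (not part of the original post and not Cisco code): a small audit that reads a saved configuration and reports which hash each ISAKMP policy ends up with, using the keyword meanings and the SHA-1 default from the command reference quoted above. The function name `audit_isakmp_hash`, the sample configuration, and the rule that anything other than SHA-2 needs review are assumptions made for the illustration.

```python
import re

# Keywords from the `hash` command reference quoted above, and what each selects.
HASH_KEYWORDS = {"sha": "SHA-1", "sha256": "SHA-256", "sha384": "SHA-384", "md5": "MD5"}
DEFAULT_HASH = "sha"      # quoted reference: the default is the SHA-1 hash algorithm
WEAK = {"MD5", "SHA-1"}   # assumption: local policy requires a SHA-2 hash for IKE

def audit_isakmp_hash(config_text):
    """Return {policy_number: (algorithm, 'explicit'|'default', needs_review)}."""
    policies, current = {}, None
    for line in config_text.splitlines():
        start = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if start:
            current = int(start.group(1))
            policies[current] = None              # no hash line seen yet
        elif current is not None and not line.startswith(" "):
            current = None                        # unindented line closes the block
        elif current is not None:
            found = re.match(r"\s+hash (\S+)\s*$", line)
            if found:
                policies[current] = found.group(1)
    report = {}
    for number, keyword in policies.items():
        # A policy with no hash line falls back to the default (SHA-1).
        algorithm = HASH_KEYWORDS.get(keyword or DEFAULT_HASH, "unknown")
        source = "explicit" if keyword else "default"
        # Keywords outside the quoted list are reported as "unknown" for manual review.
        report[number] = (algorithm, source, algorithm in WEAK or algorithm == "unknown")
    return report

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 hash sha256
 group 14
crypto isakmp policy 20
 encr aes
 authentication pre-share
crypto isakmp policy 30
 encr 3des
 hash md5
!
"""

if __name__ == "__main__":
    for number, (algorithm, source, review) in sorted(audit_isakmp_hash(SAMPLE_CONFIG).items()):
        print(f"policy {number}: {algorithm} ({source}){'  <-- review' if review else ''}")
```

Policy 20 in the sample is the case that a plain text search for `hash sha` or `hash md5` misses: it has no `hash` line at all and therefore negotiates with the SHA-1 default.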

Thanks Ian, that definitely helps!!

The release numbers listed in the chart are incorrect.  I do not know where the chart originated but you may wish to inform the author that the release numbers are incorrect and have them correct the errors.