
Verify CISCO 1921 k9 router ipsec parameters

tharindulg
Level 1

I have a Cisco 1921/K9 router and just need to confirm that the device supports the parameters below to create an IPsec tunnel:

IKEv2 & SHA256

I have run the commands below and got the output as well:

#show crypto ipsec transform-set

Transform set default: { esp-aes esp-sha-hmac }
will negotiate = { Transport, },

Transform set ebix: { esp-256-aes esp-sha-hmac }
will negotiate = { Tunnel, },

#show version

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 12:31 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)


@tharindulg yes, the Cisco ISR 1921 supports IKEv2 and SHA256 as long as you have the security license. You will need to create a custom IKEv2 proposal and IPsec transform set to use SHA256; the smart default settings don't have the strongest algorithms enabled.

Example syntax from a 1921 running 15.7:

crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
!
crypto ikev2 proposal PROP
encryption aes-cbc-256
integrity sha256
group 20 
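
An added example, not part of the original posts: a small Python check that parses `show crypto ipsec transform-set` output and lists the transform sets that do not use `esp-sha256-hmac`. The first two entries are the output pasted in the question; the `TSET` entry is constructed, and its display form is an assumption.

```python
import re

# Output from the question, plus one constructed entry (TSET) showing how the
# transform set from the reply is assumed to be displayed by the router.
SHOW_OUTPUT = """\
Transform set default: { esp-aes esp-sha-hmac }
   will negotiate = { Transport, },

Transform set ebix: { esp-256-aes esp-sha-hmac }
   will negotiate = { Tunnel, },

Transform set TSET: { esp-256-aes esp-sha256-hmac }
   will negotiate = { Tunnel, },
"""

SET_RE = re.compile(r"^Transform set (\S+): \{\s*([^}]*?)\s*\}", re.M)
MODE_RE = re.compile(r"will negotiate = \{\s*(\w+)")


def parse_transform_sets(text):
    """Return {name: {"transforms": [...], "mode": str or None}}."""
    sets = {}
    matches = list(SET_RE.finditer(text))
    for i, m in enumerate(matches):
        # Look for the mode line only up to the start of the next entry.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        mode = MODE_RE.search(text, m.end(), end)
        sets[m.group(1)] = {
            "transforms": m.group(2).split(),
            "mode": mode.group(1) if mode else None,
        }
    return sets


def audit(sets, required_integrity="esp-sha256-hmac"):
    """Return {name: [integrity transforms found]} for non-compliant sets.

    Only HMAC integrity transforms are examined; combined-mode (GCM)
    transforms are outside this check and would be reported as "none".
    """
    findings = {}
    for name, ts in sets.items():
        integ = [t for t in ts["transforms"] if t.endswith("-hmac")]
        if required_integrity not in integ:
            findings[name] = integ or ["none"]
    return findings


if __name__ == "__main__":
    for name, integ in audit(parse_transform_sets(SHOW_OUTPUT)).items():
        print(f"{name}: integrity is {', '.join(integ)}, expected esp-sha256-hmac")
```
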


Can you elaborate more?

IKEv2 phase 1 or phase 2: for which do you want SHA256 support?

IKEv2 for phase 1, and SHA256 will be for both Phase 1 & 2. Will it be OK?

Thank you

@tharindulg of course SHA256 will be fine for both. The example provided above demonstrates using SHA256 for both (IKEv2 proposal and IPsec transform set).

Both support SHA256.
