Warning about Deprecated DH Groups in IKEv2 for Remote Access VPN

MauryJ
Level 1

Hello,

We are using FMC and FTD 6.6.4 on an ASA 5516-X, and are preparing to upgrade to 6.7. (I'm not sure about making the jump to 7.0.)

When pushing deployments to our FTD, we get a warning regarding one of our Remote Access groups that we use for AnyConnect clients:

Remote Access VPN: <Group Name>

Warning: Deprecated DH Groups Used in IKEv2 Policy.

For the referenced RA group, we are using SSL only, and IPSec-IKEv2 is not enabled. (There is a default web VPN group set up, with a default group policy that does have IKEv2 enabled. But we aren't using it.) So I'm not sure where to look to clear up this issue.

Thanks for any advice

Accepted Solutions

Marvin Rhoads
Hall of Fame

You should be able to disable it in the default group policy without any problem.

FYI 7.0 will remove the support altogether.

Between 7.0 and 6.7 (6.7.0.2) I would choose 7.0 since 6.7 is already post end of sales and 7.0 is designated an extra long term release.

Possibly wait a few weeks - I hear 7.0.1 is due out around the end of September.
