10-28-2020 02:13 PM
Hi All, I need to build IPSec Tunnels where I can use:
1)Session key exchange algorithm & group: Change to DH group 14.
2)Algorithm used for integrity: Change to RSA SHA-256 2048 bit.
Which routers and version of ios support these features?
10-28-2020 02:22 PM
They aren't the latest and most secure algorithms, but most Cisco hardware IOS router (ISR G2 or 1K/4K) or ASA/FTD will support those algorithms. If you run the latest software version you shouldn't have an issue.
10-28-2020 02:43 PM
All crypto-enabled firmware can support, at a minimum, 2048.
10-29-2020 10:07 AM - edited 10-29-2020 10:08 AM
On FTD, I think 256 bits are only supported with IKEv2.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide