×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Can Cisco ASR 1001 support DH Group 14 or 16 in IPSEC Phase 2?

Unanswered Question
Nov 6th, 2014
User Badges:

Hello,

 

WE have an ASR 1001 for for our IPSEC Customers. I would like to know if ASR 1001 supports Dh group 14 or 16 in PHASE2.

 

What is the highest group that ASR1001 can support

 

Thanks

HBK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rahul Chhabra Thu, 11/06/2014 - 13:44
User Badges:

Hi. Harish 

According to Cisco doc's it is mentioned that we can use DH group 14 or 16 and in the command references you can also check the command used to run this group.

As these groups are added in Cisco IOS XE Release 2.2
These commands are further modified in the version 15.1(2)T to use with IKEv2 proposals.

According to Cisco Recommendation the 2048 bit group 14 and 24 can be used till 2030.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-b...

Regards,
Rahul Chhabra
Network Engineer
Spooster IT Services
 

 

Actions

This Discussion