Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
904
Views
0
Helpful
1
Replies

Can Cisco ASR 1001 support DH Group 14 or 16 in IPSEC Phase 2?

harish.kokkonda
Level 1
Level 1

‎11-06-2014 10:14 AM - last edited on ‎02-21-2020 11:55 PM by Community Manager

Hello,

 

WE have an ASR 1001 for for our IPSEC Customers. I would like to know if ASR 1001 supports Dh group 14 or 16 in PHASE2.

 

What is the highest group that ASR1001 can support

 

Thanks

HBK

Labels:
0 Helpful
1 Reply 1

Rahul Chhabra
Level 1
Level 1

‎11-06-2014 01:44 PM

Hi. Harish 

According to Cisco doc's it is mentioned that we can use DH group 14 or 16 and in the command references you can also check the command used to run this group.

As these groups are added in Cisco IOS XE Release 2.2
These commands are further modified in the version 15.1(2)T to use with IKEv2 proposals.

According to Cisco Recommendation the 2048 bit group 14 and 24 can be used till 2030.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-f1.html#wp2511113701

Regards,
Rahul Chhabra
Network Engineer
Spooster IT Services
 

 

0 Helpful
Customers Also Viewed These Support Documents