Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to change Phase 1 policy for a Site to site VPN.

Hi,

i have a site to site vpn.

It,s phase 1 policy is currently  3des and sha(policy no 20)

now i want to change the phase 1 policy of this site to site vpn .

I have multiple phase 1 policy .

i want to change to policy 10 (AES sha).

How can i do it USING CLI or ASDM.

Regards,

Prashant

1 REPLY
Super Bronze

How to change Phase 1 policy for a Site to site VPN.

Hi,

To my understanding you can't choose a certain Phase1 parameters for the VPN connection. (Atleast I'm under the impression. If it's possible I would be interested too)

What you can change though is the order of your ISAKMP policys. As you have mentioned

The smaller the sequence number, the higher on the list it should be. When your ASA starts negotiation with another peer it should offer the first policy or compare the peers "suggestion" to your first policy.

213
Views
0
Helpful
1
Replies
CreatePlease to create content