ISAKMP SA showing different encryption than configured
I have configured a site-to-site VPN with a client's firewall. We have mutually configured 3DES as the encryption; however, when I checked the ISAKMP SA on my firewall, it shows AES-256 as the encryption. The VPN is active and the traffic is passing through the VPN. I just wanted to know why it is showing AES-256 while 3DES is configured. Both ends have ASA firewalls. I have software 8.6(1)2 while the remote end has 8.3(2).
For phase 1 ISAKMP, these parameters exist on both devices; at the time of the exchange, the ASAs will pick a proposal given by an ASA, assuming AES-256 encryption is defined for the phase 1 negotiation. If you choose not to use AES-256 encryption for phase 1 negotiation, the only way to force it is by removing the policy that contains the AES-256 encryption for phase 1.
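The selection described in the answer above, as an added Python sketch that is not part of the original thread and is not Cisco code. It is a simplified model of IKEv1 phase 1 policy matching: the policy numbers, hash, authentication, DH group and lifetime values are constructed assumptions, and lifetime handling is reduced to "the shorter lifetime wins".

```python
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    priority: int      # lower number = evaluated first
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int
    lifetime: int      # seconds

def negotiate(initiator: list, responder: list) -> Optional[dict]:
    """Model which phase 1 parameters two peers settle on, or None."""
    # The initiator offers every policy it has. The responder walks its own
    # policies in priority order and accepts the first offer that matches on
    # encryption, hash, authentication method and DH group.
    for mine in sorted(responder, key=lambda p: p.priority):
        for theirs in sorted(initiator, key=lambda p: p.priority):
            if mine[1:5] == theirs[1:5]:
                return {
                    "encryption": mine.encryption,
                    "hash_alg": mine.hash_alg,
                    "dh_group": mine.dh_group,
                    # Simplification: the shorter lifetime is used.
                    "lifetime": min(mine.lifetime, theirs.lifetime),
                }
    return None  # no common policy: phase 1 fails

def without(policies: list, encryption: str) -> list:
    """Policy list after removing every policy that uses `encryption`."""
    return [p for p in policies if p.encryption != encryption]

# Constructed sample policy sets: both peers carry an AES-256 policy in
# addition to the 3DES policy that was agreed for the tunnel.
LOCAL = [
    Policy(10, "aes-256", "sha", "pre-share", 2, 86400),
    Policy(20, "3des", "sha", "pre-share", 2, 86400),
]
REMOTE = [
    Policy(5, "aes-256", "sha", "pre-share", 2, 28800),
    Policy(30, "3des", "sha", "pre-share", 2, 86400),
]

if __name__ == "__main__":
    print("as configured:       ", negotiate(LOCAL, REMOTE))
    print("AES-256 policy removed:", negotiate(without(LOCAL, "aes-256"), REMOTE))
```

Running the same check against an exported policy list from each peer shows every cipher a tunnel can end up with, which is how a leftover weaker policy gets spotted before it is negotiated.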