Cisco Support Community

ISAKMP SA showing different encryption than configured

Hi,

I have configured a site-to-site VPN with a client's firewall. We have mutually configured 3DES as encryption; however, when I checked the ISAKMP SA on my firewall, it shows AES-256 as encryption. The VPN is active and the traffic is passing through the VPN. I just wanted to know why it is showing AES-256 while 3DES is configured. Both ends have ASA firewalls. I have software 8.6(1)2 while the remote end has 8.3(2).

 

  • Firewalling
1 REPLY

Hi Rahul,

For phase 1 ISAKMP, these parameters exist on both devices; at the time of exchange, the ASAs will pick a proposal given by an ASA, assuming AES-256 encryption is defined for the phase 1 negotiation. If you choose not to use AES-256 encryption for phase 1 negotiation, the only way to force it is by removing the policy that contains the AES-256 encryption for phase 1.

 

Hope that answers your question.

 

Thanks

Rizwan Rafeek.
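
The selection behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model in which the responder accepts the first initiator proposal, in priority order, that equals one of its own policies. The policy numbers and parameter values are constructed, the matching order is an assumption, and lifetime comparison is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    priority: int            # lower number = higher priority
    encryption: str
    hash_alg: str
    group: int
    auth: str = "pre-share"

    def proposal(self):
        # Attributes that must be identical on both peers for a match
        return (self.encryption, self.hash_alg, self.group, self.auth)


def negotiate(initiator, responder):
    """Return the phase 1 proposal selected, or None if nothing matches.

    Assumed model: initiator proposals are checked in priority order and
    the first one the responder also has configured is accepted.
    """
    local = {p.proposal() for p in responder}
    for p in sorted(initiator, key=lambda p: p.priority):
        if p.proposal() in local:
            return p.proposal()
    return None


def unintended_matches(side_a, side_b, intended_encryption):
    """Proposals both peers would accept that do not use the intended cipher."""
    common = {p.proposal() for p in side_a} & {p.proposal() for p in side_b}
    return sorted(c for c in common if c[0] != intended_encryption)


# Constructed policy sets: each peer has a 3DES policy, but also a
# higher-priority AES-256 policy left over from other tunnels.
LOCAL = [Policy(10, "aes-256", "sha", 2), Policy(20, "3des", "sha", 2)]
REMOTE = [Policy(5, "aes-256", "sha", 2), Policy(30, "3des", "sha", 2)]

if __name__ == "__main__":
    print("negotiated:", negotiate(LOCAL, REMOTE))
    print("unintended:", unintended_matches(LOCAL, REMOTE, "3des"))
    # Removing the AES-256 policy on one peer leaves 3DES as the only match
    trimmed = [p for p in LOCAL if p.encryption != "aes-256"]
    print("after removal:", negotiate(trimmed, REMOTE))
```
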
