Greetings - I've got a Cisco VPN Concentrator 6030 running 4.7.0 of the SW. I need to change the IKE Proposal to use SHA-1 for FIPS reasons. Currently MD5-HMAC is used. I've altered the IKE proposal configuration so that the SHA items are at the top (see attachment for where I'm doing this), but the IKE proposal that's selected never changes. I backed the changes out, but the screen shot is provided so you can see where I'm carrying out the configuration. I tried disabling the MD5 proposal, and it resulted in my not being able to authenticate at all. What am I missing?
What you must remember is that the encryption/HASH is sent in proposal messages and "negotiated" by both sides. Even though you have added it as a preferred option and even moved it to the top of the list, if the remote end is not configured to use it or does not support it - it will not be used.
I agree - it's a negotiation - however, the Cisco VPN Client 5.0.x doesn't seem to have any configuration item where you can give it an ordered list of proposals (unless I'm missing something somewhere).
I'm using the newest version of the client available last week on the Software Center.
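The negotiation discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of IKE Phase 1 proposal matching, showing why reordering the concentrator's list changes nothing when the peer does not offer SHA-1, and why disabling MD5 then leaves no proposal in common. The transform values, the client offers and the rule that the responder takes the first entry in its own priority order are constructed assumptions, not behaviour taken from the concentrator or the VPN Client.

```python
from typing import NamedTuple, Optional, Sequence


class Transform(NamedTuple):
    """Phase 1 attributes that both sides must agree on (simplified)."""
    auth: str
    encr: str
    hash_alg: str
    dh_group: int


def negotiate(responder_active: Sequence[Transform],
              initiator_offer: Sequence[Transform]) -> Optional[Transform]:
    """Return the first responder proposal, in responder priority order,
    that the initiator also offered; None models NO-PROPOSAL-CHOSEN.
    Assumption: the responder's own ordering decides between matches."""
    offered = set(initiator_offer)
    for transform in responder_active:
        if transform in offered:
            return transform
    return None


# Constructed sample transforms, identical except for the hash algorithm.
SHA = Transform("preshared", "3DES", "SHA1", 2)
MD5 = Transform("preshared", "3DES", "MD5", 2)


def scenarios() -> dict:
    """Three constructed cases matching the situations in the thread."""
    client_md5_only = [MD5]        # hypothetical peer that never offers SHA-1
    client_both = [MD5, SHA]       # hypothetical peer that offers both
    return {
        # SHA moved to the top, but the peer only offers MD5: MD5 is still used.
        "sha_first_client_md5_only": negotiate([SHA, MD5], client_md5_only),
        # MD5 proposal disabled: nothing in common, so the tunnel never comes up.
        "md5_disabled_client_md5_only": negotiate([SHA], client_md5_only),
        # Peer offers both: only now does the responder's ordering matter.
        "sha_first_client_both": negotiate([SHA, MD5], client_both),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result.hash_alg if result else 'NO-PROPOSAL-CHOSEN'}")
```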