Cisco Support Community
New Member

Phase 1 Encryption Method in Config File

OK... I see the statement for the declaration of Encryption for Phase 2. It is clear in the Crypto Map section. Where in the config file is the Phase 1 encryption method defined for a given IPSec Tunnel?

Thanx

3 REPLIES
Super Bronze

Hi,

From the ASA CLI you should be able to see all the phase 1 policies configured on the ASA with the command "show run crypto". They are at the very end.

Each of the policies has a priority number that sets the order in which they are checked when a VPN connection is being formed.

To my understanding none of them are locked to a certain VPN connection on your ASA. They are gone through with the other VPN device/client in the Phase 1 negotiations until they find a policy match that both devices have.

In my 8.4(3) ASA I for example have the policies like this

    crypto ikev1 policy 30
     authentication pre-share
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 60
     authentication pre-share
     encryption aes-192
     hash sha
     group 2
     lifetime 86400

For the older software the format might be different.

Like

"crypto isakmp policy 10"

- Jouni
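
As an added illustration of the reply above (not part of the original thread and not Cisco code), this Python sketch pulls the Phase 1 policies out of saved "show run crypto" output and reports which local policy a peer's policy set would match. The sample configs are constructed, and the matching is a simplified assumption: it compares authentication, encryption, hash and group only, ignores lifetime, and checks the lowest policy number first.

```python
import re

# Constructed samples; the peer uses the older "crypto isakmp policy" header.
LOCAL_CFG = """\
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
"""
PEER_CFG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
"""
HEADER = re.compile(r"^crypto (?:ikev1|isakmp) policy (\d+)\s*$")
MATCH_ON = ("authentication", "encryption", "hash", "group")

def parse_phase1(config):
    """Return {priority: {keyword: value}} for each Phase 1 policy block."""
    policies, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        header = HEADER.match(line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # another top-level command ends the block
    return policies

def first_match(local, peer):
    """Lowest-numbered local policy whose MATCH_ON values a peer policy shares."""
    offered = {tuple(p.get(k) for k in MATCH_ON) for p in peer.values()}
    for priority in sorted(local):  # assumption: lowest number is checked first
        if tuple(local[priority].get(k) for k in MATCH_ON) in offered:
            return priority, local[priority]
    return None
```

With these samples, the Phase 2 crypto map line is skipped and the peer's single aes-192 policy matches local policy 60 rather than the higher-priority aes-256 policy 30.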

Hall of Fame Super Silver

Eric asked his question without telling us what platform he is asking about. Jouni has given a nice explanation for the ASA. If Eric was asking about an IOS device then the answer is that the phase 1 encryption is specified in the transform set.

HTH

Rick

Super Bronze

Right you are

Think I've configured so many ASAs lately that I just presume everyone has one
