Some old DH groups are deprecated and have been removed in version 6.7.
Cisco removed them completely, so they can't be used at all. Any VPN config that uses the old settings needs to be updated before you upgrade. This requires changes on both your end and the peer end.
Sample settings to use:
A1-E-AES256-I-SHA256-P-SHA256-DH21-28800
A2-E-AES256-I-SHA256-P-SHA256-DH20-28800
A3-E-AES256-I-SHA256-P-SHA256-DH19-28800
A4-E-AES256-I-SHA256-P-SHA256-DH14-28800
A1-E-AES256-I-SHA256-P-SHA256-DH21-28800
Priority: 1
Lifetime: 28800
Integrity: SHA256
Encryption: AES-256
PRF: SHA256
DH group: 21
IKEv2 IPsec proposal
ESP-E-AES256-I-SHA256
ESP hash: SHA-256
ESP Encryption: AES-256
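A pre-upgrade check for the situation described above, as an added example that is not from the original post or from Cisco. It assumes the IKEv2 policies were exported as ASA-style `crypto ikev2 policy` text (the sample config is constructed) and treats only the DH groups in the sample policies above (21, 20, 19, 14) as acceptable; the function names are hypothetical.

```python
import re

# Assumption: only the DH groups used in the sample policies above are
# treated as acceptable. Anything else is flagged for review.
SAMPLE_DH_GROUPS = {14, 19, 20, 21}

# Constructed sample of ASA-style IKEv2 policy configuration text.
SAMPLE_CONFIG = """\
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 21
 prf sha256
 lifetime seconds 28800
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 5 2
 prf sha256
 lifetime seconds 86400
"""

def parse_ikev2_policies(config):
    """Return {priority: {keyword: [values]}} for each 'crypto ikev2 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto ikev2 policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" ") and line.strip():
            keyword, *values = line.split()
            current[keyword] = values
        else:
            current = None  # left the policy block
    return policies

def policies_to_review(config, allowed=SAMPLE_DH_GROUPS):
    """Return {priority: [groups]} for policies offering a DH group outside `allowed`."""
    findings = {}
    for priority, settings in parse_ikev2_policies(config).items():
        groups = [int(g) for g in settings.get("group", []) if g.isdigit()]
        outside = sorted(g for g in groups if g not in allowed)
        if outside:
            findings[priority] = outside
    return findings

if __name__ == "__main__":
    for priority, groups in policies_to_review(SAMPLE_CONFIG).items():
        print(f"policy {priority}: DH group(s) {groups} not in the sample list, update before upgrading")
```

A flagged policy is a prompt to compare it against the release notes for your target version and to agree on the replacement group with the peer before the upgrade window.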