VPN IKE Settings on Cisco ASA 5520
Posted on 2011-10-19
I have a SonicWall VPN endpoint and we are in the process of upgrading IKE (Phase 1) & IPSEC (Phase 2) settings on our client VPN tunnels that are set at lower settings.
Twice now (on seperate VPNs) we have attempted to upgrade the connections on a tunnel with a Cisco ASA 5520. Phase 1 & 2 were both set to 3DES/MD5. We upgraded both to AES-256/SHA1 and the tunnel did not come up. When I set Phase 1 on my end back to 3DES/MD5 and left Phase 2 at AES-256/SHA1 the tunnel came back up. The network engineer on the Cisco end swears that he set them both to AES-256/SHA1 but when he looks in the logs he sees the traffic is 3DES/MD5 on IKE.
Can anyone give me some hints on where to let my counterparts look to correct this and bring IKE (Phase 1) up to AES-256/SHA1?