<div>
<div class="content wysiwyg-content">
Hi All,<br />
<br />
Im running an ASR 1000 with version XE 3.13.01.S (15.4(3)S1). Does it support SHA256 and AES256 for ikev1? I know it does for ikev2 but I am not sure about ikev1 both phase 1 and phase 2.<br />
Here is what I found on a cisco website: <a href="https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html" rel="ugc">https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html</a><br />
<br />
&quot;Support for the NGE control plane (ECDH and ECDSA) has been introduced with Version XE3.7 (15.2(4)S). Initial control plane SHA-2 support was for IKEv2 only, with IKEv1 support added in Version XE3.10 (15.3(3)S). AES-GCM-128 and AES-GCM-256 encryption algorithms have been supported for IKEv2 control plane protection since Version XE3.12 (15.4(2)S) and 15.4(2)T. NGE dataplane support was added in Version XE3.8 (15.3(1)S) for Octeon based platforms only (ASR1001-X, ASR1002-X, ESP-100, and ESP-200); dataplane support is not available for other ASR platforms.&quot;<br />
<br />
Whats the difference between data plane support vs control plane support? <br />
<br />
Thanks and kind regards.
</div>
</div>


Hi All,

Im running an ASR 1000 with version XE 3.13.01.S (15.4(3)S1). Does it support SHA256 and AES256 for ikev1? I know it does for ikev2 but I am not sure about ikev1 both phase 1 and phase 2.
Here is what I found on a cisco website: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html

"Support for the NGE control plane (ECDH and ECDSA) has been introduced with Version XE3.7 (15.2(4)S). Initial control plane SHA-2 support was for IKEv2 only, with IKEv1 support added in Version XE3.10 (15.3(3)S). AES-GCM-128 and AES-GCM-256 encryption algorithms have been supported for IKEv2 control plane protection since Version XE3.12 (15.4(2)S) and 15.4(2)T. NGE dataplane support was added in Version XE3.8 (15.3(1)S) for Octeon based platforms only (ASR1001-X, ASR1002-X, ESP-100, and ESP-200); dataplane support is not available for other ASR platforms."

Whats the difference between data plane support vs control plane support? 

Thanks and kind regards.

NGE support Cisco ASR1000

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.