04-30-2024 02:48 PM - edited 04-30-2024 02:54 PM
I'd like to know if you have experience with upgrading an ASA5506 from 9.8 to 9.16.
I have an s2s IPsec IKEv2 configuration with group 14 and 19. What impact will this have on IPsec?
Could you please share your experiences?
Thank you!
Solved! Go to Solution.
04-30-2024 08:09 PM
You should be OK. Only DH groups 2, 5 and 24 were deprecated (as of ASA 9.13). Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html#reference_yw3_ngz_vhb
04-30-2024 08:09 PM
You should be OK. Only DH groups 2, 5 and 24 were deprecated (as of ASA 9.13). Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html#reference_yw3_ngz_vhb
04-30-2024 11:04 PM
before upgrading - make sure check other end can support same DH methods, some legacy system still need DH 5, this what i have encountered the issue.
05-02-2024 10:46 AM
Thank you for your answer.
The other thing that worries me is that Cisco recommends generating higher-security keys as soon as possible using the crypto key generate {eddsa | ecdsa} command.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide