Interoperability with CISCO brand devices

Known Quirks

The following quirks are known:
Software Version Quirks
ASDM 7.7 Known problems with IKEv2
* configures aes192gcm16 when aes192gcm12 is shown to the user
* configures modp2048s256 when modp2048 is shown
* configures device to send aes192gcm16-sha256 when only aes192gcm16 is configured. The device then accepts a proposal with aes192gcm16, but drops the packets because it insists on the ICV being calculated using sha256 and not the negotiated AEAD algorithm
Any * * IKEv2 is only supported with a single set of subnets per CHILD_SA. Thus the same workaround for IKEv1 has to be used with them.


For site-to-site tunnels, the aptly named configuration examples from the UsableExamples page can be used.
For roadwarrior type tunnels, it is analogous.