Interoperability with CISCO brand devices¶
Known Quirks¶The following quirks are known:
|ASDM||7.7|| Known problems with IKEv2
* configures aes192gcm16 when aes192gcm12 is shown to the user
* configures modp2048s256 when modp2048 is shown
* configures device to send aes192gcm16-sha256 when only aes192gcm16 is configured. The device then accepts a proposal with aes192gcm16, but drops the packets because it insists on the ICV being calculated using sha256 and not the negotiated AEAD algorithm
|Any||*||* IKEv2 is only supported with a single set of subnets per CHILD_SA. Thus the same workaround for IKEv1 has to be used with them.|
For site-to-site tunnels, the aptly named configuration examples from the UsableExamples page can be used.
For roadwarrior type tunnels, it is analogous.