Interoperability with CISCO brand devices » History » Version 4

Noel Kuntze, 20.07.2018 13:43

h1. Interoperability with CISCO brand devices

{{>toc}}

h2. Known Quirks

The following quirks are known:
|_.Software|_.Version|_.Quirks|
|ASDM | 7.7 | *Known problems with IKEv2*
* configures aes192gcm16 when aes192gcm12 is shown to the user
* configures modp2048s256 when modp2048 is shown
* configures the device to send aes192gcm16-sha256 when only aes192gcm16 is configured. The device then accepts a proposal with aes192gcm16, but drops the packets because it insists on the ICV being calculated using sha256 and not the negotiated AEAD algorithm|
|Any | * | * IKEv2 is only supported with a single set of subnets per CHILD_SA. Thus the same workaround as for IKEv1 has to be used with these devices. |

h2. Configurations

For site-to-site tunnels, [[UsableExamples#Site-To-Site-Scenario|the aptly named configuration examples from the UsableExamples page can be used.]]
For roadwarrior type tunnels, [[UsableExamples#Roadwarrior-scenario|it is analogous.]]
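
A swanctl.conf fragment that applies the quirks table above to a site-to-site tunnel, added here as an illustration and not taken from the strongSwan wiki or the UsableExamples page. The connection and child names, all addresses and IDs, the PSK placeholder, the choice of prfsha256, and the reading of the IKEv1 workaround as "one child per subnet pair" are assumptions.

```conf
# Added example. Names, addresses, IDs and the PSK are constructed placeholders.
connections {
    cisco-asa {
        version = 2
        # Constructed peer address (documentation range).
        remote_addrs = 192.0.2.1
        # Propose what ASDM 7.7 actually configures, not what it displays:
        #   aes192gcm16   (displayed as aes192gcm12)
        #   modp2048s256  (displayed as modp2048)
        # The PRF is an assumption; use whatever the peer is set to.
        proposals = aes192gcm16-prfsha256-modp2048s256
        local {
            auth = psk
            id = 198.51.100.1
        }
        remote {
            auth = psk
            id = 192.0.2.1
        }
        children {
            # Only a single set of subnets is supported per CHILD_SA,
            # so each local/remote subnet pair gets its own child
            # (assumed form of the IKEv1 workaround).
            lan-to-net-a {
                local_ts = 10.1.0.0/24
                remote_ts = 10.2.0.0/24
                # AEAD only, no separate integrity algorithm. Per the table,
                # a device sending aes192gcm16-sha256 still drops traffic.
                esp_proposals = aes192gcm16
            }
            lan-to-net-b {
                local_ts = 10.1.0.0/24
                remote_ts = 10.3.0.0/24
                esp_proposals = aes192gcm16
            }
        }
    }
}
secrets {
    ike-cisco-asa {
        id = 192.0.2.1
        secret = "REPLACE_WITH_PSK"
    }
}
```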