
VPN GCP - CISCO

Hi everyone, I have the situation below with a classic VPN tunnel: my customer has a Cisco Adaptive Security Appliance Software Version 9.12(4)18 / SSP Operating System Version 2.6(1.225) / Device Manager Version 7.12(2)14. We are trying to connect using the following information.

Phase 1:

Authentication Method (Pre-Shared-Key) / Encryption Scheme (IKEV2) / DH Group (Group 2) / Encryption Algorithm AES-256 / Hashing Algorithm (SHA 512) / LIFETIME 86400 / MODE (MAIN MODE)

Phase 2

Encapsulation (ESP) / Encryption Algorithm AES-256 / Authentication Algorithm (SHA512) / PFS (GROUP 21).

But the VPN is not connecting. I read that you recommend using SHA-01 for the hashing algorithm; is that correct? Can you explain why?


Hi,

I suggest you also share the documentation that you read regarding this concern so other users from this community can understand where you are coming from.

However, for this concern, please make sure that your on-prem VPN, which I believe is Cisco, is compatible with the feature of Cloud VPN. Cloud VPN supports IKEv1 and IKEv2. Please check this link [1] as guidance to check the compatibility of your on-prem VPN and Cloud VPN.

Please note that you cannot modify the IKE ciphers of Cloud VPN, though as long as the on-prem ciphers used are compatible with Cloud VPN, the connection should work.


[1] https://cloud.google.com/network-connectivity/docs/vpn/concepts/supported-ike-ciphers