IPsec: diffie-hellman group in phase 2?

Config question about IPsec (IKEv1) on iOS:

According to the iOS deployment reference it should support Diffie-Hellman group 2 or 5 for AES256, SHA1 and certificate authentication for phase 1. This seems to work.


For phase 2 it says, if perfect forward secrecy is used, then the DH group for phase 2 must match phase 1. This seems not to be the case. Looking at the log file on the peer, it seems that my iPhone proposes no Diffie-Hellman group for phase 2 at all. If I hardwire DH group 2 or 5 on the peer for phase 2, then the iPhone cannot connect.


Every helpful comment is highly appreciated.

Harri

Posted on Jun 20, 2015 10:31 PM
