Netgate Discussion Forum

    ESP Null encryption

    IPsec
      jhosford

      Hello,

      Our security folks are insisting we use ESP with Null encryption and SHA1 hash for phase 2. They're afraid the ASA can't handle the added load to encrypt. I'm not in a position to change that and must find a way to use ESP null/SHA1.

      The GUI in 2.4.2 will not allow it, and manually editing the config.xml file doesn't help either.

      I need a way to set up null encryption which RFC 4301 (4.2) seems to say is an allowed configuration. 4301 says you can't do null/null, but seems to only require one or the other, which is what security is going by.

      Any help is appreciated.

      Jon

        jimp Rebel Alliance Developer Netgate

        It's not supported, and probably won't be.

        security folks are insisting we use ESP with Null encryption
        

        Those are not "security folks".

        If the equipment on the other end can't handle the encryption load, get better equipment.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.