ESP Null encryption



  • Hello,

    Our security folks are insisting we use ESP with Null encryption and SHA1 hash for phase 2. They're afraid the ASA can't handle the added load to encrypt. I'm not in a position to change that and must find a way to use ESP null/SHA1.

    The GUI in 2.4.2 will not allow it, and manually editing the config.xml file doesn't help either.

    I need a way to set up null encryption which RFC 4301 (4.2) seems to say is an allowed configuration. 4301 says you can't do null/null, but seems to only require one or the other, which is what security is going by.

    Any help is appreciated.

    Jon


  • Rebel Alliance Developer Netgate

    It's not supported, and probably won't be.

    > security folks are insisting we use ESP with Null encryption

    Those are not "security folks".

    If the equipment on the other end can't handle the encryption load, get better equipment.

