Field Notice: FN – 72510 – Cisco IOS XE SW: Weak Cryptographic Algorithms Are Not Allowed by Default for IPsec Configuration in Cisco IOS XE Release 17.11.1 and Later – Configuration Change Recommended

May 12, 2023

Problem Description
In releases earlier than Cisco IOS® XE Release 17.11.1, weak crypto algorithms, including integrity, encryption, and Diffie-Hellman group algorithms, can be configured for IPsec protocol negotiation as well as data plane traffic protection.

In Cisco IOS XE Release 17.11.1 and later, weak crypto algorithms are no longer allowed by default due to their weak cryptographic properties. Cisco strongly recommends the use of stronger cryptographic algorithms in their place. In order to continue to use such weak algorithms, explicit configuration is required. Otherwise, IPsec tunnel negotiation will fail and cause service disruption as a result.

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72510.html

One Comment

trading of children's organs says:

January 13, 2024 at 2:00 am

I visit daily some blogs and blogs to read content, except this webpage provides quality
based posts.

Reply

GAIN ACCESS TO ALL SELF-PACED COURSES, PRACTICE EXAMS, VIDEOS, AND OTHER KNOWLEDGE-BOOSTING RESOURCES

SUBSCRIBE NOW

One Comment

Leave a Reply Cancel reply

GAIN ACCESS TO ALL SELF-PACED COURSES, PRACTICE EXAMS, VIDEOS, AND OTHER KNOWLEDGE-BOOSTING RESOURCES