get rid of DH group 5 in ASA IKE policies
authorAaron Zauner <azet@azet.org>
Tue, 17 Dec 2013 12:17:36 +0000 (13:17 +0100)
committerAaron Zauner <azet@azet.org>
Tue, 17 Dec 2013 12:17:36 +0000 (13:17 +0100)
src/practical_settings/vpn.tex

index a9a13ed..8820b9e 100644 (file)
@@ -420,7 +420,7 @@ crypto ikev2 policy 1
 crypto ikev2 policy 2
  encryption aes-gcm-256 aes-gcm-192 aes-gcm
  integrity null
- group 24 14 5
+ group 24 14
  prf sha512 sha384 sha256 sha
  lifetime seconds 86400
 crypto ikev2 policy 3
@@ -432,7 +432,7 @@ crypto ikev2 policy 3
 crypto ikev2 policy 4
  encryption aes-256 aes-192 aes
  integrity sha512 sha384 sha256 sha
- group 24 14 5
+ group 24 14
  prf sha512 sha384 sha256 sha
  lifetime seconds 86400
 crypto ikev2 enable Outside-DMZ client-services port 443