Removed or Deprecated Hash Algorithms, Encryption Algorithms, and Diffie-Hellman Modulus Groups
Support has been removed for less secure ciphers. We recommend that you update your VPN configuration before you upgrade to threat defense 6.70 to supported DH and encryption algorithms to ensure the VPN works correctly.
Update your IKE proposals and IPSec policies to match the ones supported in threat defense 6.70 and then deploy the configuration changes.
The following less secure ciphers have been removed or deprecated in threat defense 6.70 onwards:
-
Diffie-Hellman GROUP 5 is deprecated for IKEv1 and IKEv2.
-
Diffie-Hellman groups 2 and 24 have been removed.
-
Encryption algorithms: 3DES, AES-GMAC, AES-GMAC-192, AES-GMAC-256 have been removed.
NoteDES continues to be supported in evaluation mode or for users who do not satisfy export controls for strong encryption.
NULL is removed in IKEv2 policy, but supported in both IKEv1 and IKEv2 IPsec transform-sets.