Does anyone know if it is possible to change the encryption algorithm used between campus mode access-point to the mobility controllers?
For eg, I am seeing all the access point using AES 254 / R-Sig / Sha1-96.
I believe the above is related to the default crypto policy setup on the controller.
Unfortunately, Sha1-96 is frowned upon by most security standards these days. I understand it is possible to create our own crypto policy and i do see more secure option other than Sha1-96. However, i am not sure if it is possible to have the access point negotiate to non default ipsec policy.
Also, i read somewhere about the Advance Crypto license but the documents was more on RAP rather than CAP.
Questions:
1. Can CAP IPsec to controller using custom crypto isakmp policy?
If yes, anyone knows how and if requires any additional license (such as Advanced Cryptography (ACR) module)