We have controllers running on 6.5.4.x versions. All access points are CAP. For the IP sec tunnel between the AP and the controller, is it possible to change the phase 1 / 2 encryption encryption/hash alogrithm?
For eg.
show crypto isakmp sa peer x.x.x.x
Phase1 Transform:EncrAlg:AES256 HashAlg:HMAC_SHA1_96
show crypto ipsec sa peer x.x.x.x
Phase2 Transform:Encryption Alg: AES 256 Authentication Alg: SHA1
Was told that the setting for the above are negotiated by the access points and cannot be changed manually. Was wondering if anyone was able to modify as the default hash is deem not so secure.