This article details recommended settings for DHCP IPSec tunnel (IKEv2)
Supported IPSec VPN Parameters
|
Components |
Phase 1 |
Phase 2 |
|
Confidentiality |
AES-256 |
AES-256 |
|
Integrity |
SHA-512 |
SHA-512 |
|
Authentication |
Pre-Shared Key (PSK) |
X |
|
Protocol |
X |
AH ESP |
|
Encapsulation Mode |
X |
Tunnel Mode |
|
Key Exchange Method |
Diffie-Hellman |
|
|
Diffie-Hellman Group |
14 (modp2048) |
PFS enabled 14 (modp2048) |
|
Total Child SAs Supported |
N/A |
8 |
|
IKE Lifetime |
3 Hours |
- |
|
SA Lifetime |
- |
1 Hour |
|
SA Lifebytes |
Unlimited |
Unlimited |
|
NAT-Traversal |
If behind NAT |
X |
|
NAT Keepalive Interval |
30 Seconds |
X |
|
Dead Peer Detection (DPD) |
Enabled |
X |
|
DPD Timeout Interval |
30 Seconds |
X |
|
DPD Maximum Retries |
5 |
X |
|
Maximum Transmission Unit (MTU) |
1400 Bytes |
|
|
Maximum Segment Size (MSS) |
1360 Bytes |
|