Configure IKEv2 Shared Settings

IKEv2 shared settings apply to all manual BOVPN tunnels and BOVPN virtual interfaces that use IKEv2 and have at least one remote gateway that has a dynamic IP address.

These authentication options are supported:

  • MD5
  • SHA1
  • SHA2-256
  • SHA2-384
  • SHA2-512

These encryption options are supported:

  • DES
  • 3DES
  • AES (128-bit)
  • AES (192-bit)
  • AES (256-bit)
  • AES-GCM (128-bit) — Fireware v12.2 or higher
  • AES-GCM (192-bit) — Fireware v12.2 or higher
  • AES-GCM (256-bit) — Fireware v12.2 or higher

Diffie-Hellman Groups 1, 2, 5, 14, 15, 19, and 20 are supported.

For IKEv2, NAT traversal is always enabled, but you can change the NAT keep-alive interval in the Phase 1 Options.

For information about how to configure a branch office VPN to use IKEv2, see Configure IPSec VPN Phase 1 Settings.

See Also

Configure IPSec VPN Phase 1 Settings

About Manual IPSec Branch Office VPNs