Configure IKEv2 Shared Settings

IKEv2 shared settings apply to all manual BOVPN tunnels and BOVPN virtual interfaces that use IKEv2 and have at least one remote gateway that has a dynamic IP address. Mobile VPN with IKEv2 also uses the IKEv2 shared settings, and uses the highest priority of the Phase 1 transform settings in its configuration.

These authentication options are supported:

  • MD5
  • SHA1
  • SHA2-256
  • SHA2-384
  • SHA2-512

These encryption options are supported:

  • DES
  • 3DES
  • AES (128-bit)
  • AES (192-bit)
  • AES (256-bit)
  • AES-GCM (128-bit) — Fireware v12.2 or higher
  • AES-GCM (192-bit) — Fireware v12.2 or higher
  • AES-GCM (256-bit) — Fireware v12.2 or higher

Diffie-Hellman Groups 1, 2, 5, 14, 15, 19, 20, and 21 are supported.

Fireware v12.10 and higher supports Diffie-Hellman Group 21.

For IKEv2, NAT traversal is always enabled, but you can change the NAT keep-alive interval in the Phase 1 Options.

For information about how to configure a branch office VPN to use IKEv2, go to Configure IPSec VPN Phase 1 Settings.

Related Topics

Configure IPSec VPN Phase 1 Settings

About Manual IPSec Branch Office VPNs