You can configure Mobile VPN with L2TP to offer an L2TP client more than one proposal for Phase 2 of the IKE. For example, you could specify ESP-3DES-SHA1 in one proposal and ESP-DES-MD5 for a second proposal. When traffic passes through the VPN tunnel, the security association can use either ESP-3DES-SHA1 or ESP-DES-MD5 to match the transform settings on the L2TP client.
You can include a maximum of eight proposals.
To add a new IPSec phase 2 proposal for Mobile VPN with L2TP:
There are six preconfigured proposals. The names follow the format <Type>-<Authentication>-<Encryption>. For all six, Force Key Expiration is configured for 8 hours or 128000 kilobytes.
To use one of the six preconfigured proposals or another phase 2 proposal you have previously created:
The list of existing proposals shows only proposals that use the ESP proposal method. Mobile VPN with L2TP does not support the AH proposal method.
The IPSec Phase 2 proposals used for Mobile VPN with L2TP are the same ones that can be used when you configure a branch office VPN. To create a new Phase 2 proposal, you must add it in the Branch Office VPN page.
To create a new Phase 2 proposal:
After you add the Phase 2 proposal, you can add it to the L2TP configuration as described in the previous procedure.
Edit the Mobile VPN with L2TP Configuration