Supported cipher suites for IPsec

Suggest Edits

In the IPsec protocol suite, Internet Key Exchange (IKE) is the protocol that’s used to establish and manage security associations (SAs) between your enterprise appliance (SD-WAN device or router) and SIA Proxy. The Encapsulating Security Payload (ESP) protocol provides confidentiality, data origin authentication, integrity, and protection from replay attacks.

The following tables list the cipher suites that SIA supports for these protocols.

Supported cipher suites for IKE protocol

Cipher Suite	Diffie-Hellman (DH) Group	Encryption Algorithm	Integrity Algorithm
aes256gcm16-sha384-ecp384	20	AES-GCM-256	SHA2-384
aes128gcm16-sha256-ecp256	19	AES-GCM-128	SHA2-256
aes256-sha256-ecp384	20	AES-CBC-256	SHA2-256
aes256-sha256-ecp256	19	AES-CBC-256	SHA2-256
aes256-sha512-modp4096	16	AES-CBC-256	SHA2-512
aes256-sha512-modp3072	15	AES-CBC-256	SHA2-512
aes256-sha512-modp2048	14	AES-CBC-256	SHA2-512
aes256-sha384-modp4096	16	AES-CBC-256	SHA2-384
aes256-sha384-modp3072	15	AES-CBC-256	SHA2-384
aes256-sha384-modp2048	14	AES-CBC-256	SHA2-384
aes256-sha256-modp4096	16	AES-CBC-256	SHA2-256
aes256-sha256-modp3072	15	AES-CBC-256	SHA2-256
aes256-sha256-modp2048	14	AES-CBC-256	SHA2-256

Supported cipher suites for ESP protocol

Cipher Suite	DH Group	Encryption Algorithm	Integrity Algorithm
aes256-sha256-ecp384	20	AES-CBC-256	SHA2-256
aes256-sha256-ecp256	19	AES-CBC-256	SHA2-256
aes256-sha512-modp4096	16	AES-CBC-256	SHA2-512
aes256-sha512-modp3072	15	AES-CBC-256	SHA2-512
aes256-sha512-modp2048	14	AES-CBC-256	SHA2-512
aes256-sha384-modp4096	16	AES-CBC-256	SHA2-384
aes256-sha384-modp3072	15	AES-CBC-256	SHA2-384
aes256-sha384-modp2048	14	AES-CBC-256	SHA2-384
aes256-sha256-modp4096	16	AES-CBC-256	SHA2-256
aes256-sha256-modp3072	15	AES-CBC-256	SHA2-256
aes256-sha256-modp2048	14	AES-CBC-256	SHA2-256

Updated about 2 years ago