SonicOS/X 7 IPSec VPN

About IPsec (Phase 2) Proposal

The IPsec (Phase 2) proposal occurs with both IKEv1 and IKEv2. In this phase, the two parties negotiate the type of security to use, the encryption methods to use for traffic through the tunnel (if needed), and the lifetime of the tunnel before re-keying is needed.

The two types of security for individual packets are:

  • Encryption Secured Payload (ESP), in which the data portion of each packet is encrypted using a protocol negotiated between the parties.
  • Authentication Header (AH), in which the header of each packet contains authentication information so that the receiver can verify that the packet is authentic and has not been tampered with. No encryption is applied to the data with AH.

SonicOS/X supports the following Encryption methods for traffic through the VPN:

  • DES
  • AES-128
  • AESGCM16-128
  • AESGMAC-128
  • 3DES
  • AES-192
  • AESGCM16-192
  • AESGMAC-192
  • None
  • AES-256
  • AESGCM16-256
  • AESGMAC-256

SonicOS/X supports the following Authentication methods:

  • MD5
  • SHA1
  • AES-XCBC
  • None
  • SHA256
  • SHA384
  • SHA512
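
The method lists above allow combinations that leave tunnel traffic unencrypted or unauthenticated. The following sketch is an added example, not SonicOS/X code; it audits one Phase 2 proposal for such combinations. The function name `audit_proposal`, the finding strings, and the choice of which methods count as weak are assumptions of this example.

```python
# Added example: audit an IPsec (Phase 2) proposal built from the methods listed above.
# The "weak" sets are this example's assumed policy, not SonicOS/X behaviour.
ENCRYPTION = {"DES", "3DES", "None", "AES-128", "AES-192", "AES-256",
              "AESGCM16-128", "AESGCM16-192", "AESGCM16-256",
              "AESGMAC-128", "AESGMAC-192", "AESGMAC-256"}
AUTHENTICATION = {"MD5", "SHA1", "AES-XCBC", "None", "SHA256", "SHA384", "SHA512"}
WEAK_ENCRYPTION = {"DES", "3DES"}        # 64-bit block ciphers; DES uses a 56-bit key
WEAK_AUTHENTICATION = {"MD5", "SHA1"}    # legacy hash functions

def audit_proposal(protocol, encryption, authentication):
    """Return findings for one proposal; an empty list means nothing was flagged."""
    if protocol not in ("ESP", "AH"):
        return [f"unknown protocol: {protocol}"]
    if authentication not in AUTHENTICATION:
        return [f"unknown authentication method: {authentication}"]
    findings = []
    if authentication in WEAK_AUTHENTICATION:
        findings.append(f"weak authentication: {authentication}")
    if protocol == "AH":
        # AH authenticates packets but never encrypts the data.
        findings.append("no confidentiality: AH does not encrypt")
        if authentication == "None":
            findings.append("no integrity: AH without an authentication method")
        return findings
    if encryption not in ENCRYPTION:
        return [f"unknown encryption method: {encryption}"]
    if encryption in WEAK_ENCRYPTION:
        findings.append(f"weak encryption: {encryption}")
    # AES-GMAC authenticates the packet but leaves the data in clear text.
    if encryption == "None" or encryption.startswith("AESGMAC"):
        findings.append(f"no confidentiality: encryption is {encryption}")
    # AES-GCM and AES-GMAC carry their own integrity check value.
    has_builtin_integrity = encryption.startswith(("AESGCM16", "AESGMAC"))
    if authentication == "None" and not has_builtin_integrity:
        findings.append("no integrity: authentication is None")
    return findings

# Constructed sample proposals (not taken from any real configuration).
SAMPLES = [
    ("ESP", "AESGCM16-256", "None"),
    ("ESP", "3DES", "SHA1"),
    ("ESP", "None", "None"),
    ("ESP", "AESGMAC-128", "None"),
    ("AH", "None", "SHA256"),
]

if __name__ == "__main__":
    for proposal in SAMPLES:
        print(proposal, "->", audit_proposal(*proposal) or "no findings")
```
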