IPSec interoperability
When selecting the appropriate parameters, it is usually no problem to establish VPN connections with other IPSec products.
The required settings are listed below:
Phase 1 parameters:
- Main mode
- TripleDES (3DES), AES-128, AES-256
- MD5-96 or SHA1-96
- Oakley group 2, 5, 14 to 18 (MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192)
- Default key lifetime: 6 hours
Phase 2 parameters:
- TripleDES (3DES), AES-128, AES-256
- AH or ESP, MD5-96 or SHA1-96
- Optional Perfect Forward Secrecy as in phase 1 (enabled by default)
- Default key lifetime: 9 hours
We verify the interoperability with the IPSec client of recent Microsoft Windows releases from time to time. Please understand
that we cannot guarantee the interoperability with other products. The number of other products and the differences even between
releases of one product makes this impossible. However when considering the log files of both sides it should not be too difficult
to remedy the cause of connection problems.