Tip of the Day: The VPN CSP - What else is new for the Anniversary Edition
Today’s Tip…
Answer: The ability to specify crypto setting for IPsec VPN tunnel configurations, that’s what!
The Details
Another of the improvements to the VPNv2 Configuration Service Provider introduced in build 1607 includes the CryptographySuite URI node. This node can be used to fine tune the crypto settings used by an IPsec VPN connection profile. Review the following list of include URI paths for more information.
VPNv2/ProfileName/NativeProfile/CryptographySuite
- Controls Crypto properties of IPsec tunnels.
VPNv2/ProfileName/NativeProfile/CryptographySuite/AuthenticationTransformConstants
The following list contains the valid (chr) values:
- MD596
- SHA196
- SHA256128
- GCMAES128
- GCMAES192
- GCMAES256
VPNv2/ProfileName/NativeProfile/CryptographySuite/CipherTransformConstants
The following list contains the valid (chr) values:
- DES
- DES3
- AES128
- AES192
- AES256
- GCMAES128
- GCMAES192
- GCMAES256
VPNv2/ProfileName/NativeProfile/CryptographySuite/EncryptionMethod
The following list contains the valid (chr) values:
- DES
- DES3
- AES128
- AES192
- AES256
VPNv2/ProfileName/NativeProfile/CryptographySuite/IntegrityCheckMethod
The following list contains the valid (chr) values:
- MD5
- SHA196
- SHA256
- SHA384
VPNv2/ProfileName/NativeProfile/CryptographySuite/DHGroup
The following list contains the valid (chr) values:
- Group1
- Group2
- Group14
- ECP256
- ECP384
- Group24
VPNv2/ProfileName/NativeProfile/CryptographySuite/PfsGroup
The following list contains the valid values:
- PFS1
- PFS2
- PFS2048
- ECP256
- ECP384
- PFSMM
- PFS24