The strongest encryption supported by the TFNRegistry™ VPN devices is AES 256-bit with SHA-1 (for both IKE Phase 1 and IPSEC Phase 2). As of January 31, 2018, the Triple DES (3DES) algorithm will no longer be an allowed encryption scheme for Site-to-Site VPN tunnels, and all new tunnels must use AES 256-bit encryption (anything lower is not acceptable).

| Encryption Schema | Setting |
|---|---|
| Encryption Scheme | IKE |
| IKE Phase 1 Security Association | Diffie Hellman Group 5 (1,536 bit) |
| Encryption Algorithm | Minimum AES 256-bit |
| Data Integrity/Hash Method | SHA-1 |
| Aggressive Mode | Disabled |
| Perfect Forward Secrecy | Disabled |
| IKE Phase 1 Security Association Lifetime | 3 options in seconds (3600/28800/86400) |
| IPSEC Phase 2 Security Association Lifetime | 3600 seconds |
| Authentication Method | Somos support personnel will supply a pre-shared secret. |
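
The following check is an added example, not part of the original page or of any Somos tooling: it audits the customer end of a tunnel against the parameters listed above before the tunnel is brought up. It assumes the peer is a strongSwan gateway configured through `ipsec.conf`; the `conn` section and the function names are constructed for illustration.

```python
import re

# Constructed sample: a strongSwan ipsec.conf "conn" section for the customer
# end of the tunnel, with several deliberate departures from the table.
SAMPLE_CONN = """
conn tfn-tunnel
    ike=3des-sha1-modp1536!
    esp=aes256-sha1-modp1536!
    aggressive=yes
    ikelifetime=7200s
    lifetime=3600s
    authby=secret
"""

ALLOWED_IKE_LIFETIMES = {3600, 28800, 86400}  # Phase 1 options from the table

def parse_conn(text):
    """Return the indented key=value settings of one conn section as a dict."""
    pattern = r"^[ \t]+(\w+)[ \t]*=[ \t]*(\S+)"
    return dict(m.groups() for m in re.finditer(pattern, text, re.M))

def seconds(value):
    """Convert ipsec.conf times such as '3600s', '8h' or '1d' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    return int(m.group(1)) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2)]

def audit(text):
    """List every setting that departs from the parameters in the table."""
    c, bad = parse_conn(text), []
    ike = c.get("ike", "").rstrip("!").split("-")
    esp = c.get("esp", "").rstrip("!").split("-")
    for name, prop in (("ike", ike), ("esp", esp)):
        if prop[0] != "aes256":
            bad.append(f"{name}: cipher {prop[0] or 'unset'} is not AES 256-bit")
        if "sha1" not in prop:
            bad.append(f"{name}: hash is not SHA-1")
    if "modp1536" not in ike:
        bad.append("ike: Diffie-Hellman group is not group 5 (modp1536)")
    # In strongSwan a DH group in the esp proposal turns PFS on.
    if any(p.startswith(("modp", "ecp")) for p in esp):
        bad.append("esp: DH group present, so Perfect Forward Secrecy is enabled")
    # Fallbacks below are the ipsec.conf defaults (aggressive=no, 3h, 1h).
    if c.get("aggressive", "no") != "no":
        bad.append("aggressive mode is enabled")
    if seconds(c.get("ikelifetime", "3h")) not in ALLOWED_IKE_LIFETIMES:
        bad.append("ikelifetime is not 3600, 28800 or 86400 seconds")
    if seconds(c.get("lifetime", "1h")) != 3600:
        bad.append("lifetime (Phase 2) is not 3600 seconds")
    if c.get("authby") != "secret":
        bad.append("authby is not a pre-shared secret")
    return bad
```

Run against `SAMPLE_CONN`, `audit` reports the 3DES Phase 1 cipher, the PFS group on the Phase 2 proposal, aggressive mode and the 7200-second Phase 1 lifetime.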