The top Encryption capability for the TFNRegistry™ VPN devices is AES 256-bit SHA-1 (for both IKE Phase 1 and IPSEC Phase 2). As of January 31, 2018, the Triple DES (3DES) algorithm will no longer be an allowed encryption schema for Site-to-Site VPN tunnels and all new tunnels must utilize AES 256-bit encryption (anything lower is not acceptable).
Encrpytion Schema | |
| Encryption Scheme | IKE |
| IKE Phase 1 Security Association | Diffie Hellman Group 5 (1,536 bit) |
| Encryption Algorithm | Minimum AES 256-bit |
| Data Integrity/Hash Method | SHA-1 |
| Aggressive Mode | Disabled |
| Perfect Forward Secrecy | Disabled |
| IKE Phase 1 Security Association Lifetime | 3 options in seconds (3600/28800/86400) |
| IPSEC Phase 2 Security Association Lifetime | 3600 seconds |
| Authentication Method | Somos support personnel will supply a pre-shared secret. |