Prisma Access IPSec Tunnel Configuration Parameters

The following table describes the supported IPSec tunnel configuration parameters in Prisma Access. A check mark indicates that the parameter is supported; a dash (—) indicates that the parameter is not supported.
Instead of creating IPSec and IKE crypto profiles and gateways from scratch, you can use one of the predefined IPSec and IKE templates for common IPSec and SD-WAN devices, which simplify the onboarding of service connections that use one of the devices to terminate the connection.

Feature                                 Support
IPSec Tunnel                            ✓
GRE Tunnel                              —
IKE Versions
  IKE v1                                ✓
  IKE v2                                ✓
IPSec Phase 1 DH-Group
  Group 1                               ✓
  Group 2                               ✓ (Default)
  Group 5                               ✓
  Group 14                              ✓
  Group 19                              ✓
  Group 20                              ✓
IPSec Phase 1 Auth
  MD5                                   ✓
  SHA1                                  ✓ (Default)
  SHA256                                ✓
  SHA384                                ✓
  SHA512                                ✓
IPSec Phase 1 Encryption
  DES                                   ✓
  3DES                                  ✓ (Default)
  AES-128-CBC                           ✓ (Default)
  AES-192-CBC                           ✓
  AES-256-CBC                           ✓
IPSec Phase 1 Key Lifetime Default      ✓ (8 Hours)
IPSec Phase 1 Peer Authentication
  Pre-Shared Key                        ✓
  Certificate                           ✓
IKE Peer Identification
  FQDN                                  ✓
  IP Address                            ✓
  User FQDN                             ✓
IKE Peer
  As Static Peer                        ✓
  As Dynamic Peer                       ✓
Options
  NAT Traversal                         ✓
  Passive Mode                          ✓
Ability to Negotiate Tunnel
  Per Subnet Pair                       ✓
  Per Pair of Hosts                     ✓
  Per Gateway Pair                      ✓
IPSec Phase 2 DH-Group
  Group 1                               ✓
  Group 2                               ✓ (Default)
  Group 5                               ✓
  Group 14                              ✓
  Group 19                              ✓
  Group 20                              ✓
  No PFS                                ✓
IPSec Phase 2 Auth
  MD5                                   ✓
  SHA1                                  ✓ (Default)
  SHA256                                ✓
  SHA384                                ✓
  SHA512                                ✓
  None                                  ✓
IPSec Phase 2 Encryption
  DES                                   ✓
  3DES                                  ✓ (Default)
  AES-128-CBC                           ✓ (Default)
  AES-192-CBC                           ✓
  AES-256-CBC                           ✓
  AES-128-CCM                           ✓
  AES-128-GCM                           ✓
  AES-256-GCM                           ✓
  NULL                                  ✓
IPSec Protocol
  ESP                                   ✓
  AH                                    ✓
IPSec Phase 2 Key Lifetime Default      ✓ (1 Hour)