Supported IKE Cryptographic Parameters
Table of Contents
Expand all | Collapse all
-
- Cloud Identity Engine Cipher Suites
-
- PAN-OS 11.1 GlobalProtect Cipher Suites
- PAN-OS 11.1 IPSec Cipher Suites
- PAN-OS 11.1 IKE and Web Certificate Cipher Suites
- PAN-OS 11.1 Decryption Cipher Suites
- PAN-OS 11.1 Administrative Session Cipher Suites
- PAN-OS 11.1 HA1 SSH Cipher Suites
- PAN-OS 11.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.0 GlobalProtect Cipher Suites
- PAN-OS 11.0 IPSec Cipher Suites
- PAN-OS 11.0 IKE and Web Certificate Cipher Suites
- PAN-OS 11.0 Decryption Cipher Suites
- PAN-OS 11.0 Administrative Session Cipher Suites
- PAN-OS 11.0 HA1 SSH Cipher Suites
- PAN-OS 11.0 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.2 GlobalProtect Cipher Suites
- PAN-OS 10.2 IPSec Cipher Suites
- PAN-OS 10.2 IKE and Web Certificate Cipher Suites
- PAN-OS 10.2 Decryption Cipher Suites
- PAN-OS 10.2 Administrative Session Cipher Suites
- PAN-OS 10.2 HA1 SSH Cipher Suites
- PAN-OS 10.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.1 GlobalProtect Cipher Suites
- PAN-OS 10.1 IPSec Cipher Suites
- PAN-OS 10.1 IKE and Web Certificate Cipher Suites
- PAN-OS 10.1 Decryption Cipher Suites
- PAN-OS 10.1 Administrative Session Cipher Suites
- PAN-OS 10.1 HA1 SSH Cipher Suites
- PAN-OS 10.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 9.1 GlobalProtect Cipher Suites
- PAN-OS 9.1 IPSec Cipher Suites
- PAN-OS 9.1 IKE and Web Certificate Cipher Suites
- PAN-OS 9.1 Decryption Cipher Suites
- PAN-OS 9.1 Administrative Session Cipher Suites
- PAN-OS 9.1 HA1 SSH Cipher Suites
- PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 8.1 GlobalProtect Cipher Suites
- PAN-OS 8.1 IPSec Cipher Suites
- PAN-OS 8.1 IKE and Web Certificate Cipher Suites
- PAN-OS 8.1 Decryption Cipher Suites
- PAN-OS 8.1 Administrative Session Cipher Suites
- PAN-OS 8.1 HA1 SSH Cipher Suites
- PAN-OS 8.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 8.1 Cipher Suites Supported in FIPS-CC Mode
Supported IKE Cryptographic Parameters
Learn about the IKE crypto parameters that are supported
for Prisma™ Access IPSec tunnels.
The following table documents the IKE cryptographic settings
that are supported with Prisma™ Access.
Component | Phase 1 Supported Crypto Parameters | Phase 2 Supported Crypto Parameters |
---|---|---|
Encryption | 3DES AES-128 AES-192 AES-256 | Null (not recommended) DES 3DES AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM |
Authentication/Integrity | MD5 SHA-1 If you use IKEv2 with certificate-based authentication,
only SHA1 is supported in IKE crypto profiles (Phase 1). SHA-256 SHA-384 SHA-512 | None (supported with Galois/Counter Mode (GCM) MD5 SHA-1 SHA-256 SHA-384 SHA-512 |
DH Group | Group 1 Group 2 Group 5 Group
14 Group 19 Group 20 | No PFS (not recommended) Group
1 Group 2 Group 5 Group 14 Group 19 Group
20 |
Security Association (SA) Lifetime | Configurable | Configurable |
SA Lifebytes | N/A | Configurable |