Supported IKE Cryptographic Parameters

Learn about the IKE crypto parameters that are supported for Prisma™ Access IPSec tunnels.
The following table documents the IKE cryptographic settings that are supported with Prisma™ Access.
Component
Phase 1 Supported Crypto Parameters
Phase 2 Supported Crypto Parameters
Encryption
3DES
AES-128
AES-192
AES-256
Null (not recommended)
DES
3DES
AES-128-CBC
AES-192-CBC
AES-256-CBC
AES-128-GCM
AES-192-GCM
AES-256-GCM
Authentication/Integrity
MD5
SHA-1
If you use IKEv2 with certificate-based authentication, only SHA1 is supported in IKE crypto profiles (Phase 1).
SHA-256
SHA-384
SHA-512
None
(supported with Galois/Counter Mode (GCM)
MD5
SHA-1
SHA-256
SHA-384
SHA-512
DH Group
Group 1
Group 2
Group 5
Group 14
Group 19
Group 20
No PFS
(not recommended)
Group 1
Group 2
Group 5
Group 14
Group 19
Group 20
Security Association (SA) Lifetime
Configurable
Configurable
SA Lifebytes
N/A
Configurable

Recommended For You