Supported IKE Cryptographic Parameters

Learn about the IKE crypto parameters that are supported for Prisma Access IPSec tunnels.
The following table documents the IKE cryptographic settings that are supported with Prisma Access.
Component
Phase 1 Supported Crypto Parameters
Phase 2 Supported Crypto Parameters
Encryption
3DES
AES-128
AES-192
AES-256
Null (not recommended)
DES
3DES
AES-128-CBC
AES-192-CBC
AES-256-CBC
AES-128-GCM
AES-192-GCM
AES-256-GCM
Authentication/Integrity
MD5
SHA-1
If you use IKEv2 with certificate-based authentication, only SHA1 is supported in IKE crypto profiles (Phase 1).
SHA-256
SHA-384
SHA-512
None
(supported with Galois/Counter Mode (GCM)
MD5
SHA-1
SHA-256
SHA-384
SHA-512
DH Group
Group 1
Group 2
Group 5
Group 14
Group 19
Group 20
No PFS
(not recommended)
Group 1
Group 2
Group 5
Group 14
Group 19
Group 20
Security Association (SA) Lifetime
Configurable
Configurable
SA Lifebytes
N/A
Configurable

Recommended For You