|
IPSec—Post-Quantum Cryptographic Suites (PQCs)
|
You can use these cipher suites to secure the rekey operations for
your IPSec tunnels.
- ML-KEM—512-bit, 768-bit, and 1024-bit keys
- HQC—128-bit, 192-bit, and 256-bit keys
- BIKE—bike-L1, bike-L3, & bike-L5
- Classic McEliece—348,864-bit and 348,864f-bit
- FrodoKEM:
- 640-AES, 976-AES, and 1344-AES
- 640-SHAKE, 976-SHAKE, and 1344-SHAKE
- NTRU-Prime—sntrup761
|
|
IPSec—Encryption
|
NULL 3DES AES-128-CBC AES-192-CBC AES-256-CBC AES-128-CCM AES-128-GCM AES-256-GCM
|
|
IPSec—Message Authentication
|
NONE HMAC-MD5 HMAC-SHA-1 HMAC-SHA-256 HMAC-SHA-384 HMAC-SHA-512
|
|
IPSec—Key Exchange
|
Diffie-Hellman groups with or without perfect forward secrecy
(PFS):
No PFS—This option specifies that the firewall reuses the
same key for IKE phase 1 and phase 2 instead of renewing the
key for phase 2. Group 1 (768-bit keys) with PFS enabled Group 2 (1024-bit keys) with PFS enabled Group 5 (1536-bit keys) with PFS enabled Group 14 (2048-bit keys) with PFS enabled Group 15 (3072-bit modular exponential group) Group 16 (4096-bit modular exponential group) Group 19 (256-bit elliptic curve group) with PFS enabled Group 20 (384-bit elliptic curve group) with PFS enabled Group 21 (512-bit random elliptic curve group)
|
