Merge pull request #251183 from cherylmc/patch-1

prmerger-automator[bot] · web-flow · commit 332d9c560525 · 2023-09-13T16:15:42.000Z
update
diff --git a/includes/virtual-wan-ipsec-custom-include.md b/includes/virtual-wan-ipsec-custom-include.md
@@ -5,7 +5,7 @@
  author: cherylmc
  ms.service: virtual-wan
  ms.topic: include
- ms.date: 05/25/2023
+ ms.date: 09/12/2023
  ms.author: cherylmc
  ms.custom: include file
 ---
@@ -15,7 +15,7 @@ When working with custom IPsec policies, keep in mind the following requirements
 * **IKE** - For IKE, you can select any parameter from IKE Encryption, plus any parameter from IKE Integrity, plus any parameter from DH Group.
 * **IPsec** -  For IPsec, you can select any parameter from IPsec Encryption, plus any parameter from IPsec Integrity, plus PFS. If any of the parameters for IPsec Encryption or IPsec Integrity is GCM, then the parameters for both settings must be GCM.
 
-With Custom IPsec policies, there is no concept of responder and initiator (unlike Default IPsec policies). Both sides (on-premises and Azure VPN gateway) will use the same settings for IKE Phase 1 and IKE Phase 2. Both IKEv1 and IKEv2 protocols are supported.
+The default custom policy includes SHA1, DHGroup2, and 3DES for backward compatibility. These are weaker algorithms that aren't supported when creating a custom policy. We recommend only using the following algorithms:
 
 **Available settings and parameters**
 
