Commit 8de9980

Merge pull request #236627 from cherylmc/crypto
update
2 parents 8d7e277 + 9022d1c commit 8de9980

3 files changed

+10
-10
lines changed

articles/vpn-gateway/vpn-gateway-about-compliance-crypto.md

Lines changed: 10 additions & 10 deletions
@@ -5,7 +5,7 @@ description: Learn how to configure Azure VPN gateways to satisfy cryptographic
55
author: cherylmc
66
ms.service: vpn-gateway
77
ms.topic: article
8-
ms.date: 02/13/2023
8+
ms.date: 05/02/2023
99
ms.author: cherylmc
1010

1111
---
@@ -15,15 +15,15 @@ This article discusses how you can configure Azure VPN gateways to satisfy your
1515

1616
## About IKEv1 and IKEv2 for Azure VPN connections
1717

18-
Traditionally we allowed IKEv1 connections for Basic SKUs only and allowed IKEv2 connections for all VPN gateway SKUs other than Basic SKUs. The Basic SKUs allow only 1 connection and along with other limitations such as performance, customers using legacy devices that support only IKEv1 protocols were having limited experience. In order to enhance the experience of customers using IKEv1 protocols, we are now allowing IKEv1 connections for all of the VPN gateway SKUs, except Basic SKU. For more information, see [VPN Gateway SKUs](./vpn-gateway-about-vpn-gateway-settings.md#gwsku). Note that VPN gateways using IKEv1 might experience up [tunnel reconnects](./vpn-gateway-vpn-faq.md#why-is-my-ikev1-connection-frequently-reconnecting) during Main mode rekeys.
18+
Traditionally we allowed IKEv1 connections for Basic SKUs only and allowed IKEv2 connections for all VPN gateway SKUs other than Basic SKUs. The Basic SKUs allow only 1 connection and along with other limitations such as performance, customers using legacy devices that support only IKEv1 protocols were having limited experience. In order to enhance the experience of customers using IKEv1 protocols, we're now allowing IKEv1 connections for all of the VPN gateway SKUs, except Basic SKU. For more information, see [VPN Gateway SKUs](./vpn-gateway-about-vpn-gateway-settings.md#gwsku). Note that VPN gateways using IKEv1 might experience up [tunnel reconnects](./vpn-gateway-vpn-faq.md#why-is-my-ikev1-connection-frequently-reconnecting) during Main mode rekeys.
1919

20-
![Azure VPN Gateway IKEv1 and IKEv2 connections](./media/vpn-gateway-about-compliance-crypto/ikev1-ikev2-connections.png)
20+
:::image type="content" source="./media/vpn-gateway-about-compliance-crypto/ikev1-ikev2-connections.png" alt-text="Diagram showing IKEv1 and IKEv2 connections to the same gateway." lightbox="./media/vpn-gateway-about-compliance-crypto/ikev1-ikev2-connections.png":::
2121

22-
When IKEv1 and IKEv2 connections are applied to the same VPN gateway, the transit between these two connections is auto-enabled.
22+
When IKEv1 and IKEv2 connections are applied to the same VPN gateway, the transit between these two connections is autoenabled.
2323

2424
## About IPsec and IKE policy parameters for Azure VPN gateways
2525

26-
IPsec and IKE protocol standard supports a wide range of cryptographic algorithms in various combinations. If you do not request a specific combination of cryptographic algorithms and parameters, Azure VPN gateways use a set of default proposals. The default policy sets were chosen to maximize interoperability with a wide range of third-party VPN devices in default configurations. As a result, the policies and the number of proposals cannot cover all possible combinations of available cryptographic algorithms and key strengths.
26+
IPsec and IKE protocol standard supports a wide range of cryptographic algorithms in various combinations. If you don't request a specific combination of cryptographic algorithms and parameters, Azure VPN gateways use a set of default proposals. The default policy sets were chosen to maximize interoperability with a wide range of third-party VPN devices in default configurations. As a result, the policies and the number of proposals can't cover all possible combinations of available cryptographic algorithms and key strengths.
2727

2828
### Default policy
2929

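Review bot: The rewritten line 18 still carries a stray word in "might experience up [tunnel reconnects]"; since the line is being touched anyway, drop "up" so it reads "might experience tunnel reconnects during Main mode rekeys". On line 22, "autoenabled" is harder to read than the hyphenated form it replaces, and "automatically enabled" avoids the question entirely. On line 26, "IPsec and IKE protocol standard supports" keeps a subject/verb mismatch that the contraction pass left in place; "The IPsec and IKE protocol standards support" would fix it.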
@@ -39,16 +39,16 @@ For example, the IKEv2 main mode policies for Azure VPN gateways utilize only Di
3939

4040
Azure VPN gateways now support per-connection, custom IPsec/IKE policy. For a Site-to-Site or VNet-to-VNet connection, you can choose a specific combination of cryptographic algorithms for IPsec and IKE with the desired key strength, as shown in the following example:
4141

42-
![ipsec-ike-policy](./media/vpn-gateway-about-compliance-crypto/ipsecikepolicy.png)
42+
:::image type="content" source="./media/vpn-gateway-about-compliance-crypto/ipsecikepolicy.png" alt-text="Diagram showing custom policies per connection." lightbox="./media/vpn-gateway-about-compliance-crypto/ipsecikepolicy.png":::
4343

4444
You can create an IPsec/IKE policy and apply to a new or existing connection.
4545

4646
### Workflow
4747

48-
1. Create the virtual networks, VPN gateways, or local network gateways for your connectivity topology as described in other how-to documents
49-
2. Create an IPsec/IKE policy
50-
3. You can apply the policy when you create a S2S or VNet-to-VNet connection
51-
4. If the connection is already created, you can apply or update the policy to an existing connection
48+
1. Create the virtual networks, VPN gateways, or local network gateways for your connectivity topology as described in other how-to documents.
49+
2. Create an IPsec/IKE policy.
50+
3. You can apply the policy when you create a S2S or VNet-to-VNet connection.
51+
4. If the connection is already created, you can apply or update the policy to an existing connection.
5252

5353
## IPsec/IKE policy FAQ
5454

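Review bot: Steps 3 and 4 of the Workflow list gained periods but are still phrased as "You can apply the policy when ..." and "If the connection is already created, you can ...", while steps 1 and 2 are imperative ("Create ..."). Make the list parallel, for example "Apply the policy when you create an S2S or VNet-to-VNet connection." and "For an existing connection, apply or update the policy.", which also fixes "a S2S". The unchanged line 44 above the list, "You can create an IPsec/IKE policy and apply to a new or existing connection.", is missing "it" after "apply" and could be corrected in the same pass.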