Merge pull request #79336 from anzaman/master

Ja-Dunn · web-flow · commit f93b38a3e8c2 · 2019-06-11T15:26:58.000-07:00
IKE and TLS policies
diff --git a/articles/vpn-gateway/point-to-site-about.md b/articles/vpn-gateway/point-to-site-about.md
@@ -82,6 +82,68 @@ The zip file also provides the values of some of the important settings on the A
 >The Basic SKU does not support IKEv2 or RADIUS authentication.
 >
 
+## <a name="IKE/IPsec policies"></a>What IKE/IPsec policies are configured on VPN gateways for P2S?
+
+
+**IKEv2**
+
+|**Cipher** | **Integrity** | **PRF** | **DH Group** |
+|---		| ---			| ---		| --- 	|
+|GCM_AES256 |	GCM_AES256	| SHA384	| GROUP_24 |
+|GCM_AES256 |	GCM_AES256	| SHA384	| GROUP_14 |
+|GCM_AES256 |	GCM_AES256	| SHA384	| GROUP_ECP384 |
+|GCM_AES256 |	GCM_AES256	| SHA384	| GROUP_ECP256 |
+|GCM_AES256 |	GCM_AES256	| SHA256	| GROUP_24 |
+|GCM_AES256 |	GCM_AES256	| SHA256	| GROUP_14 |
+|GCM_AES256 |	GCM_AES256	| SHA256	| GROUP_ECP384 |
+|GCM_AES256 |	GCM_AES256	| SHA256	| GROUP_ECP256 |
+|AES256     |   SHA384		| SHA384	| GROUP_24 |
+|AES256     |   SHA384		| SHA384	| GROUP_14 |
+|AES256     |   SHA384		| SHA384	| GROUP_ECP384 |
+|AES256     |   SHA384		| SHA384	| GROUP_ECP256 |
+|AES256     |   SHA256		| SHA256	| GROUP_24 |
+|AES256     |   SHA256		| SHA256	| GROUP_14 |
+|AES256     |   SHA256		| SHA256	| GROUP_ECP384 |
+|AES256     |   SHA256		| SHA256	| GROUP_ECP256 |
+|AES256     |   SHA256		| SHA256	| GROUP_2 |
+
+**IPsec**
+
+|**Cipher** | **Integrity** | **PFS Group** |
+|---		| ---			| ---		|
+|GCM_AES256	| GCM_AES256 | GROUP_NONE |
+|GCM_AES256	| GCM_AES256 | GROUP_24 |
+|GCM_AES256	| GCM_AES256 | GROUP_14 |
+|GCM_AES256	| GCM_AES256 | GROUP_ECP384 |
+|GCM_AES256	| GCM_AES256 | GROUP_ECP256 |
+| AES256	| SHA256 | GROUP_NONE |
+| AES256	| SHA256 | GROUP_24 |
+| AES256	| SHA256 | GROUP_14 |
+| AES256	| SHA256 | GROUP_ECP384 |
+| AES256	| SHA256 | GROUP_ECP256 |
+| AES256	| SHA1 | GROUP_NONE |
+
+## <a name="TLS policies"></a>What TLS policies are configured on VPN gateways for P2S?
+**TLS**
+
+|**Policies** |
+|---| 
+|TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
+|TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
+|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
+|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
+|TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
+|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
+|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
+|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
+|TLS_RSA_WITH_AES_128_GCM_SHA256 |
+|TLS_RSA_WITH_AES_256_GCM_SHA384 |
+|TLS_RSA_WITH_AES_128_CBC_SHA256 |
+|TLS_RSA_WITH_AES_256_CBC_SHA256 |
+
+
+
+
 ## <a name="configure"></a>How do I configure a P2S connection?
 
 A P2S configuration requires quite a few specific steps. The following articles contain the steps to walk you through P2S configuration, and links to configure the VPN client devices:
