src/content/partials/magic-transit/tunnels-reference/tunnels-encapsulation-opening.mdx
Lines changed: 15 additions & 16 deletions
@@ -108,39 +108,38 @@ Internet Key Exchange (IKE) is one of the protocols that makes up IPsec. Cloudfl
108
108
109
109
Below is a list of the configuration parameters supported by Magic WAN. Choose which ones to use based on what your appliance supports.
110
110
111
-
<Detailsheader="IKE SA">
111
+
<Detailsheader="IKE SA (also known as Phase 1)">
112
112
113
113
IKE SA is sometimes referred to as Phase 1 as per IKEv1 language.
114
114
115
115
-**Encryption**
116
-
117
116
- AES-GCM-16 with 128-bit or 256-bit key length
118
117
- AES-CBC with 256-bit key length
119
118
120
119
-**Integrity** (sometimes referred to as Authentication)
121
-
122
120
- SHA2-256
123
121
124
122
-**Diffie-Hellman group**:
125
-
126
123
Below is a list of all Diffie-Hellman (DH) groups supported by Cloudflare.
127
124
128
-
:::caution
129
-
Cloudflare recommends that you use only one DH group when configuring your device, specifically **DH group 20**.
130
-
:::
131
-
132
125
- DH group 20 (384-bit random ECP group)
133
126
- DH group 14 (2048-bit MODP group)
134
127
- DH group 5 (1536-bit MODP group)
135
128
136
-
-**Pseudorandom function (PRF)** (not to be confused with PFS. PRF is often not a configurable setting.)
129
+
:::caution
130
+
Cloudflare recommends that you use only one DH group when configuring your device, specifically **DH group 20**.
131
+
:::
132
+
133
+
-**Pseudorandom function (PRF)**
134
+
135
+
Not to be confused with Perfect Forward Secrecy (PFS). PRF is often not a configurable setting.
137
136
- SHA2-256
138
137
- SHA2-384
139
138
- SHA2-512
140
139
141
140
</Details>
142
141
143
-
<Detailsheader="IPsec">
142
+
<Detailsheader="Child SA (also known as Phase 2 or IPsec SA)">
144
143
145
144
The Child SA. Sometimes referred to as Phase 2 as per IKEv1 language.
146
145
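Review bot: the caution recommending DH group 20 now comes after the list (new lines 129-131), so a reader picking a value for their appliance sees DH group 14 and DH group 5 before reaching the recommendation. Consider keeping the caution above the list, or marking the preferred entry inline in the list itself, so the recommended group is the first thing read. Separately, the new header `IKE SA (also known as Phase 1)` repeats the unchanged sentence directly under it ("IKE SA is sometimes referred to as Phase 1 as per IKEv1 language."), and the new `Child SA (also known as Phase 2 or IPsec SA)` header does the same with "The Child SA. Sometimes referred to as Phase 2 as per IKEv1 language."; one of each pair can be dropped or shortened.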
@@ -158,18 +157,18 @@ The Child SA. Sometimes referred to as Phase 2 as per IKEv1 language.
158
157
When using AES-GCM-16, an integrity algorithm is not required because AES GCM includes integrity checking (since it is an AEAD algorithm). Even when using an AEAD algorithm, however, some routers still require an integrity algorithm to be selected.
159
158
:::
160
159
161
-
-**PFS group** (sometimes referred to as Phase 2 Diffie-Hellman Group. Not to be confused with PRF.)
160
+
-**Perfect Forward Secrecy (PFS) group**
162
161
163
-
Below is a list of all Diffie-Hellman (DH) groups supported by Cloudflare.
164
-
165
-
:::caution
166
-
Cloudflare recommends that you use only one DH group when configuring your device, specifically **DH group 20**.
167
-
:::
162
+
Sometimes referred to as Phase 2 Diffie-Hellman Group. Not to be confused with PRF. Below is a list of all Diffie-Hellman (DH) groups supported by Cloudflare.
168
163
169
164
- DH group 20 (384-bit random ECP group)
170
165
- DH group 14 (2048-bit MODP group)
171
166
- DH group 5 (1536-bit MODP group)
172
167
168
+
:::caution
169
+
Cloudflare recommends that you use only one DH group when configuring your device, specifically **DH group 20**.
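Review bot: the paragraph added at new line 162 merges three separate things into one run: the Phase 2 alias, the PRF disambiguation, and the lead-in to the DH list. In the IKE SA section the equivalent note got its own paragraph and spelled the other term out ("Not to be confused with Perfect Forward Secrecy (PFS)"), while here it reads only "Not to be confused with PRF."; expanding it to "Pseudorandom function (PRF)" and putting the list lead-in on its own line would keep the two sections parallel. Also, the `:::caution` opened at new line 168 has no closing `:::` in the lines shown here, so confirm the block is closed before the content that follows.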