Chapter 24 L2TP VPN
SBG3500-N Series User’s Guide
304
After phase 1 tunnel is established, IPSec phase 2 negotiations begin. Table 117 on page 304 lists
the IPSec phase 2 proposals provided by a built-in L2TP client in the popular operating systems.
The first proposal that can be supported by the phase 2 setting in the Default_L2TPVPN IPSec
VPN rule will be accepted by the SBG3500-N Series. The algorithms in red in Table 117 on page 304
indicate the ones that will be accepted based on Table 104 on page 285.
Table 116 Phase 1 IPSec proposals provided by the built-in L2TP client in popular operating systems
(Encryption/Authentication/Key Group)
WINDOWS XP WINDOWS VISTA WINDOWS 7 IOS 5.1 ANDROID 4.1
1 3DES/SHA1/
DH15
3DES/SHA1/
DH15
AES/SHA1/DH15 AES/SHA1/DH2 AES/SHA1/DH2
2 3DES/SHA1/DH2 3DES/SHA1/DH2 3DES/SHA1/
DH15
AES/MD5/DH2 AES/MD5/DH2
3 3DES/MD5/DH2 3DES/SHA1/DH2 3DES/SHA1/DH2 3DES/SHA1/DH2
4 DES/SHA1/DH1 3DES/MD5/DH2 3DES/MD5/DH2
5DES/MD5/DH1 DES/SHA1/DH2
6 DES/MD5/DH2
Table 117 Phase 2 IPSec proposals provided by the built-in L2TP client in popular operating systems (Tunnel
Mode/Encryption/Authentication) [Encapsulation = Transport]
WINDOWS XP WINDOWS VISTA WINDOWS 7 IOS 5.1 ANDROID 4.1
1 ESP/3DES/MD5
ESP/3DES/SHA1
ESP/AES/SHA1 ESP/AES/SHA1 ESP/AES/SHA1
ESP/AES/MD5
ESP/3DES/SHA1
ESP/3DES/MD5
ESP/AES/SHA1
ESP/AES/MD5
ESP/3DES/SHA1
ESP/3DES/MD5
ESP/DES/SHA1
ESP/DES/MD5
2 AH/-/SHA1 and
ESP/3DES/-
ESP/3DES/SHA1 ESP/3DES/SHA1
3AH/-/MD5 and
ESP/3DES/-
AH/-/SHA1 and
ESP/AES/-
ESP/DES/SHA1
4 AH/-/SHA1 and
ESP/3DES/SHA1
AH/-/SHA1 and
ESP/3DES/-
ESP/-/SHA1
5AH/-/MD5 and
ESP/3DES/MD5
AH/-/SHA1 and
ESP/3DES/SHA1
AH/-/SHA1
6ESP/DES/MD5
ESP/DES/SHA1
ESP/-/SHA1
AH/-/SHA1
To Next Page
Loading...
