Configuring an IPsec Tunnel on Your Network Device or in Your SD-WAN Service
Configure the following Internet Key Exchange (IKE) and Internet Protocol Security (IPsec) settings to build primary and secondary IPsec tunnels on your networking device or in your SD-WAN service.
These settings include the IP addresses of the best and second-best available Points of Presence (PoPs).
The web policy that you have configured is applied to web traffic that is forwarded through an IPsec tunnel. You can choose the location name as a filtering criterion in your web policy.
IKE Settings
IKE setting | Supported values (recommended values are shown in bold) |
---|---|
IKE version | 1 or 2 |
Remote Gateway | IP address of the best or second-best available PoP. For information about routing traffic, see Routing Traffic to PoPs. |
Lifetime | 86400 seconds (24 hours) |
Authentication | |
Encryption | |
IPsec Settings
IPsec setting | Supported values (recommended values are shown in bold) |
---|---|
Local network | Your local subnet |
Remote network | 0.0.0.0/0 (Ports 80 and 443) |
Perfect Forward Secrecy (PFS) | Enabled |
Lifetime | <28800 seconds (8 hours) |
Security association (SA) | |
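A pre-deployment check of a planned primary and secondary tunnel pair against the values in the two tables above, as an added example that is not part of the original documentation or any vendor tooling. The dictionary keys, the sample addresses and the reading of "<28800" as strictly below 28800 seconds are assumptions made for illustration.

```python
import ipaddress

# Limits copied from the IKE and IPsec settings tables on this page.
IKE_VERSIONS = {1, 2}
IKE_LIFETIME = 86400           # seconds (24 hours)
IPSEC_LIFETIME_LIMIT = 28800   # seconds; "<28800" is read as strictly below
REMOTE_NETWORK = ipaddress.ip_network("0.0.0.0/0")
WEB_PORTS = {80, 443}

def check_tunnel(t):
    """Return findings for one tunnel; the dict keys are a hypothetical schema."""
    findings = []
    try:
        ipaddress.ip_address(t["remote_gateway"])
    except ValueError:
        findings.append("remote_gateway is not an IP address")
    if t["ike_version"] not in IKE_VERSIONS:
        findings.append("ike_version must be 1 or 2")
    if t["ike_lifetime"] != IKE_LIFETIME:
        findings.append("ike_lifetime must be 86400")
    if t["ipsec_lifetime"] >= IPSEC_LIFETIME_LIMIT:
        findings.append("ipsec_lifetime must be below 28800")
    if not t["pfs"]:
        findings.append("pfs must be enabled")
    if ipaddress.ip_network(t["remote_network"]) != REMOTE_NETWORK:
        findings.append("remote_network must be 0.0.0.0/0")
    if set(t["ports"]) != WEB_PORTS:
        findings.append("ports must be 80 and 443")
    if ipaddress.ip_network(t["local_network"]) == REMOTE_NETWORK:
        findings.append("local_network must be your local subnet")
    return findings

def check_pair(primary, secondary):
    """Check both tunnels, plus that they terminate on different PoPs."""
    report = {"primary": check_tunnel(primary), "secondary": check_tunnel(secondary)}
    same = primary["remote_gateway"] == secondary["remote_gateway"]
    report["pair"] = ["both tunnels use the same PoP address"] if same else []
    return report

# Constructed sample input: documentation-range addresses, not real PoPs.
PRIMARY = {"remote_gateway": "192.0.2.10", "ike_version": 2, "ike_lifetime": 86400,
           "ipsec_lifetime": 27000, "pfs": True, "remote_network": "0.0.0.0/0",
           "ports": [80, 443], "local_network": "10.20.0.0/24"}
SECONDARY = dict(PRIMARY, remote_gateway="198.51.100.10")
# Constructed misconfiguration: same PoP, PFS off, lifetime at the 8-hour limit.
BAD_SECONDARY = dict(PRIMARY, pfs=False, ipsec_lifetime=28800)

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY))
    print(check_pair(PRIMARY, BAD_SECONDARY))
```

The authentication, encryption and security association values are not checked because the tables above do not list them.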