You need these Internet Key Exchange (IKE) and Internet Protocol Security (IPsec) values when configuring the primary and secondary IPsec tunnels on your networking device or in your SD-WAN service.
You enter the IP address of the best and second best available points of presence (PoPs) when you configure the primary and secondary IPsec tunnels, respectively.
NOTE: The configured Web Policy is applied on the traffic forwarded from the IPsec tunnel. You can choose location name (configured under Infrastructure | WSGS Setup | Configure Locations) as the top filtering criteria in your Web Policy.
|IKE setting||Supported values (recommended values are shown in bold)|
|IKE version||1 or 2|
|Remote Gateway||IP address of the best or second best available PoP. For information about routing traffic, see Routing Traffic to PoPs.|
|Lifetime||28800 seconds (8 hours)|
|IPsec setting||Supported values (recommended values are shown in bold)|
|Local network||Your local subnet|
|Remote network||0.0.0.0/0 (Ports 80 and 443)|
|Perfect Forward Secrecy (PFS)||Enabled|
|Lifetime||<28800 seconds (8 hours)|
|Security association (SA)||