Tip of the Day: The VPN CSP - What else is new for the Anniversary Edition

Today’s Tip…

Answer: The ability to specify crypto setting for IPsec VPN tunnel configurations, that’s what!

The Details

Another of the improvements to the VPNv2 Configuration Service Provider introduced in build 1607 includes the CryptographySuite URI node.  This node can be used to fine tune the crypto settings used by an IPsec VPN connection profile.  Review the following list of include URI paths for more information.

VPNv2/ProfileName/NativeProfile/CryptographySuite

• Controls Crypto properties of IPsec tunnels.

VPNv2/ProfileName/NativeProfile/CryptographySuite/AuthenticationTransformConstants

The following list contains the valid (chr) values:

• MD596
• SHA196
• SHA256128
• GCMAES128
• GCMAES192
• GCMAES256

VPNv2/ProfileName/NativeProfile/CryptographySuite/CipherTransformConstants

The following list contains the valid (chr) values:

• DES
• DES3
• AES128
• AES192
• AES256
• GCMAES128
• GCMAES192
• GCMAES256

VPNv2/ProfileName/NativeProfile/CryptographySuite/EncryptionMethod

The following list contains the valid (chr) values:

• DES
• DES3
• AES128
• AES192
• AES256

VPNv2/ProfileName/NativeProfile/CryptographySuite/IntegrityCheckMethod

The following list contains the valid (chr) values:

• MD5
• SHA196
• SHA256
• SHA384

VPNv2/ProfileName/NativeProfile/CryptographySuite/DHGroup

The following list contains the valid (chr) values:

• Group1
• Group2
• Group14
• ECP256
• ECP384
• Group24

VPNv2/ProfileName/NativeProfile/CryptographySuite/PfsGroup

The following list contains the valid values:

• PFS1
• PFS2
• PFS2048
• ECP256
• ECP384
• PFSMM
• PFS24