Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 40 subscribers
  • Views 1645 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need help creating an IPSEC Policy IKEv2 that follows the following suggestions

tai1spin

I've been working on this all weekend and I can't seem to come up with a working IPSEC Tunnel. 

 

I'm trying to set up an IPSEC IKEv2 Tunnel to Zscaler for purpose of testing. I'm trying to follow Zscaler's IPSEC recommendations, but I'm doing something wrong. So my first ask is:

Using the link here --> https://help.zscaler.com/zia/configuring-ipsec-vpn-tunnel , I'm trying to set up the IPSEC policy for using IKEv2 as per this article --> https://help.zscaler.com/zia/configuring-ipsec-vpn-tunnel

 

Problem is I don't know if I'm setting this right or not as per the article above. I've created several iterations of this and I always seem to get the yellow warning sign when I'm trying to match DFH 2 & 14 to AES 256 with SHA 256... Anyone care to create a policy as per the Zscaler document and post it for me to follow?

I'm using 17.MR9 XG 



This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi tai1spin,

    I just tried to create the IPsec policy as per the zscaler document and I was able to save the policy. 

    The yellow warning sign indicates that policy parameters selected are not considered secure. There is no issue with the policy configuration, it is DH group 2 and 3DES are not considered as secure. 

    Thanks,

Unfiltered HTML