IKEv1 and IKEv2 support in WSS
search cancel

IKEv1 and IKEv2 support in WSS


Article ID: 242835


Updated On:


Cloud Secure Web Gateway - Cloud SWG


In WSS, does the IPsec/VPN firewall access method support both IKEv1 and IKEv2 configurations?


WSS supports both IKEv1 and IKEv2 for IPsec/VPN...with these specific configurations: 

(IKEv1) Main Mode PSK authentication using static IP as the peer ID

(IKEv2) PSK authentication using FQDN as the peer ID

- IKEv2 with FQDN is recommended if the firewall/router does NOT have a static egress IP

- With IKEv1, WSS does not support Aggressive Mode (WSS only supports Main Mode with IKEv1)

- With IKEv1, FQDN is not supported


Additional Information

VPN IKEv2 with Pre-Shared Key and Dynamic IP/FQDN

VPN IKEv1 Pre-Shared Key with Static IP