search cancel

IKEv1 and IKEv2 support in WSS

book

Article ID: 242835

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

In WSS, does the IPsec/VPN firewall access method support both IKEv1 and IKEv2 configurations?

Resolution


WSS supports both IKEv1 and IKEv2 for IPsec/VPN...with these specific configurations: 

(IKEv1) Main Mode PSK authentication using static IP as the peer ID

(IKEv2) PSK authentication using FQDN as the peer ID


Notes: 
- IKEv2 with FQDN is recommended if the firewall/router does NOT have a static egress IP

- With IKEv1, WSS does not support Aggressive Mode (WSS only supports Main Mode with IKEv1)

- With IKEv1, FQDN is not supported

 

Additional Information

VPN IKEv2 with Pre-Shared Key and Dynamic IP/FQDN

VPN IKEv1 Pre-Shared Key with Static IP