Configure the IPsec Transform and DH Group for Branch-to-Branch Deployments
For supported software information, click here.
By default, Concerto uses predefined IPsec branch-to-branch transforms and branch-to-branch Diffie-Hellman (DH) groups to program a tenant's appliances in an SD-WAN deployment. To use different algorithms, you can select a different branch-to-branch transform and branch-to-branch DH group to program a tenant's appliances.
To configure the IPsec transform and DH group for branch-to-branch deployments:
- Go to the tenant home screen and select Settings > SD-WAN Overlay > IPsec in the left navigation bar.
The following screen displays.
- Enter information for the following fields.
Field Description Branch-to-Branch Transform Select an IPsec branch-to-branch transform to use:
- esp-aes-128-md5
- esp-aes-256-md5
- esp-null-md5
Branch-to-Branch DH Group Select an IPsec branch-to-branch DH group to use:
- Diffie-Hellman Group 1—786-bit modulus
- Diffie-Hellman Group 14—2048-bit modulus
- Diffie-Hellman Group 15—3072-bit modulus
- Diffie-Hellman Group 16—521-bit elliptic curve
- Diffie-Hellman Group 21—4096-bit modulus
- Diffie-Hellman Group 25—192-bit elliptic curve
- Click Save.
Supported Software Information
Releases 11.1.1 and later support all content described in this article.