Skip to main content
Versa Networks

Configure the IPsec Transform and DH Group for Branch-to-Branch Deployments

Versa-logo-release-icon.pngFor supported software information, click here.

By default, Concerto uses predefined IPsec branch-to-branch transforms and branch-to-branch Diffie-Hellman (DH) groups to program a tenant's appliances in an SD-WAN deployment. To use different algorithms, you can select a different branch-to-branch transform and branch-to-branch DH group to program a tenant's appliances.

To configure the IPsec transform and DH group for branch-to-branch deployments:

  1. Go to the tenant home screen and select Settings > SD-WAN Overlay > IPsec in the left navigation bar.

    Settings-IPsec-left-nav-border.png

    The following screen displays.

    Settings-LC-IPSec-screen-v2-border.png
     
  2. Enter information for the following fields.
     
    Field Description
    Branch-to-Branch Transform

    Select an IPsec branch-to-branch transform to use:

    • esp-aes-128-md5
    • esp-aes-256-md5
    • esp-null-md5
    Branch-to-Branch DH Group

    Select an IPsec branch-to-branch DH group to use:

    • Diffie-Hellman Group 1—786-bit modulus
    • Diffie-Hellman Group 14—2048-bit modulus
    • Diffie-Hellman Group 15—3072-bit modulus
    • Diffie-Hellman Group 16—521-bit elliptic curve
    • Diffie-Hellman Group 21—4096-bit modulus
    • Diffie-Hellman Group 25—192-bit elliptic curve
  3. Click Save.

Supported Software Information

Releases 11.1.1 and later support all content described in this article.

Additional Information

Concerto Home Screen Overview