IPsec encryption algorithms
Sophos Firewall supports the following encryption algorithms for IKEv1 and IKEv2 phase 1 and 2.
IKEv2 ciphers
Sophos Firewall supports these encryption algorithms for IKEv2.
Phase 1
DH group | Encryption | Authentication |
---|---|---|
1 (DH768) | AES256 | SHA2 512 |
2 (DH1024) | AES192 | SHA2 384 |
5 (DH1536) | AES128 | SHA2 256 |
14 (DH2048) | Blowfish | SHA1 |
15 (DH3072) | 3DES | MD5 |
16 (DH4096) | ||
17 (DH6144) | ||
18 (DH8192) | ||
25 (ecp192) | ||
26 (ecp224) | ||
19 (ecp256) | ||
20 (ecp384) | ||
21 (ecp521) | ||
31 (curve25519) |
Phase 2
DH group | Encryption | Authentication |
---|---|---|
None | AES256 | SHA2 512 |
Same as phase-I | AES192 | SHA2 384 |
1 (DH768) | AES128 | SHA2 256 |
2 (DH1024) | Blowfish | SHA1 |
5 (DH1536) | 3DES | MD5 |
14 (DH2048) | AES256GCM16 | |
15 (DH3072) | AES192GCM16 | |
16 (DH4096) | AES128GCM16 | |
17 (DH6144) | AES256GMAC | |
18 (DH8192) | AES192GMAC | |
25 (ecp192) | AES128GMAC | |
26 (ecp224) | ||
19 (ecp256) | ||
20 (ecp384) | ||
21 (ecp521) | ||
31 (curve25519) |
IKEv1 ciphers
Sophos Firewall supports these encryption algorithms for IKEv1.
Phase 1
DH group | Encryption | Authentication |
---|---|---|
1 (DH768) | AES256 | SHA2 512 |
2 (DH1024) | AES192 | SHA2 384 |
5 (DH1536) | AES128 | SHA2 256 |
14 (DH2048) | Blowfish | SHA1 |
15 (DH3072) | 3DES | MD5 |
16 (DH4096) | TwoFish | |
17 (DH6144) | Serpent | |
18 (DH8192) | ||
25 (ecp192) | ||
26 (ecp224) | ||
19 (ecp256) | ||
20 (ecp384) | ||
21 (ecp521) | ||
31 (curve25519) |
Phase 2
DH group | Encryption | Authentication |
---|---|---|
None | AES256 | SHA2 512 |
Same as phase-I | AES192 | SHA2 384 |
1 (DH768) | AES128 | SHA2 256 |
2 (DH1024) | Blowfish | SHA1 |
5 (DH1536) | 3DES | MD5 |
14 (DH2048) | AES256GCM16 | |
15 (DH3072) | AES192GCM16 | |
16 (DH4096) | AES128GCM16 | |
17 (DH6144) | AES256GMAC | |
18 (DH8192) | AES192GMAC | |
25 (ecp192) | AES128GMAC | |
26 (ecp224) | TwoFish | |
19 (ecp256) | Serpent | |
20 (ecp384) | ||
21 (ecp521) | ||
31 (curve25519) |
More resources