08-27-2025 01:23 AM
I am looking to replace all existing CBC encryption with GCM within IPSec/ IKE crypto but need to be certain that functionality will remain.
What if any impact would this have on the existing profiles if changed?
Unfortunately could not find a definitive answer on the forums/ elsewhere. Many thanks.
08-28-2025 06:26 AM
Except for a little outage the moment you make the change on both sides, nothing would really change.
I'd double check to make sure each (IKE + IPSec) profile is only used by the intended ike gateway/ipsec tunnel. If you're using the same profile for all your gateways and tunnels, start by creating a fresh one and assigning that to the gateways/tunnels you intend to switch over so you can take it step by step. in some cases the transition may be a little less smoothly if the remote end is a different vendor.
remember to set authentication in the IKE profile to 'non-auth'
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
