@reaper You have accurately put it there, and I just got it working successfully yesterday; with no specific type stated, it automatically means CBC. Thank you for sharing your knowledge and wishing you all the best! The next challenge will be DHCP from the remote site via the tunnel to the AD and DHCP server that is situated in the HQ. Drop me a link to a related topic if you have one. Thank you again!
I was configuring a site-to-site IPsec VPN and I was having a hard time matching my encryption and authentication parameters. The remote end device is a Huawei Eudemon 1000E and my local device is a PA-800. I have finished the configuration on both sides by picking the closest parameters (I suppose), which I presume would work to get the tunnel up and running. Unfortunately, it's not up and running yet, and my prime suspicion would be the IPsec parameters not matching on each of the peers. I have details here below:

Supported parameters on my local PA800 are:

And on the remote Huawei firewall device, the supported parameters are:

1. For Phase-1, the closest and the strongest possible IKE encryption algorithm that is present on both sides would be AES-256, which is AES-256-CBC on my side and a mere AES-256 on the remote side. Will these two work fine together when each is configured on its respective end, or will I be having a problem here?
2. In a similar case for Phase-2 encryption, the closest and the strongest possible encryption algorithm that is present on both sides would be AES-256, which is AES-256-CBC/AES-256-GCM on my side and again a bloody plain AES-256 on the remote side. So will these two work fine together when each is configured on its respective end, or will I be having another problem here too?
3. Based on your view on #1 and #2, what option is the best and most viable way to proceed?
4. On the remote end, the Huawei Eudemon, there is a Choice Integrity algorithm option which I am not clear about how to proceed with. What recommendation do you have for me here?