IPSec v2 - Does it utilise Encapsulating Security Payload protocols?

TheMob 25 Reputation points
2023-04-18T02:53:53.33+00:00

Do IPSecV2 connections (specifically site-to-site) use Encapsulating Security Payload protocols by default?

I understand the process is different for Transport Mode and Tunnel Mode.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,404 questions
{count} votes

Accepted answer
  1. GitaraniSharma-MSFT 48,016 Reputation points Microsoft Employee
    2023-04-19T11:26:59.41+00:00

    Hello @TheMob ,

    Azure VPN gateway's IKE Phase 2 (Quick Mode) uses ESP algorithms by default for confidentiality and data origin authentication.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec

    https://github.com/Huachao/azure-content/blob/master/articles/vpn-gateway/vpn-gateway-about-vpn-devices.md#ipsec-parameters

    NOTE: You can specify IPsec ESP NULL encryption with RouteBased and HighPerformance VPN gateways. Null based encryption doesn't provide protection to data in transit and should only be used when maximum throughput and minimum latency is required. Clients may choose to use this in VNet-to-VNet communication scenarios, or when encryption is being applied elsewhere in the solution.

    If you require specific cryptographic algorithms or parameters, you can now configure your Azure VPN gateway to use a custom IPsec/IKE policy with specific cryptographic algorithms and key strengths, rather than the Azure default policy sets.

    Azure VPN gateways now support per-connection, custom IPsec/IKE policy. For a Site-to-Site or VNet-to-VNet connection, you can choose a specific combination of cryptographic algorithms for IPsec and IKE with the desired key strength.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto#cryptographic-requirements

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful