Line 69: |
Line 69: |
| <td style="border-bottom: 4px solid white> | | <td style="border-bottom: 4px solid white> |
| # '''''Enable''''' '''''Local firewall;''''' | | # '''''Enable''''' '''''Local firewall;''''' |
− | # Remote source IP - '''''10.20.30.0/24;''''' | + | # Remote source IP - '''''10.20.30.0/24;''''' |
− | # Remote DNS '''''9.9.9.9;''''' | + | # Remote DNS - '''''9.9.9.9;''''' |
| </td> | | </td> |
| </tr> | | </tr> |
Line 88: |
Line 88: |
| # Authentication - '''''SHA512;''''' | | # Authentication - '''''SHA512;''''' |
| # DH group - '''''ECP521;''''' | | # DH group - '''''ECP521;''''' |
| + | # Force crypto proposal - '''enabled'''. |
| </td> | | </td> |
| </tr> | | </tr> |
Line 103: |
Line 104: |
| # Authentication - '''''SHA256;''''' | | # Authentication - '''''SHA256;''''' |
| # DH group - '''''ECP521;''''' | | # DH group - '''''ECP521;''''' |
| + | # Force crypto proposal - '''enabled'''. |
| </td> | | </td> |
| </tr> | | </tr> |
| </table> | | </table> |
| + | |
| + | '''Force crypto proposal''' option as it simplifies which algorithm suite will be used for both phases. |
| | | |
| ==RUT2 (Spoke) configuration== | | ==RUT2 (Spoke) configuration== |
Line 156: |
Line 160: |
| # Authentication - '''''SHA512;''''' | | # Authentication - '''''SHA512;''''' |
| # DH group - '''''ECP521;''''' | | # DH group - '''''ECP521;''''' |
| + | # Force crypto proposal - '''enabled'''. |
| </td> | | </td> |
| </tr> | | </tr> |
Line 171: |
Line 176: |
| # Authentication - '''''SHA256;''''' | | # Authentication - '''''SHA256;''''' |
| # DH group - '''''ECP521;''''' | | # DH group - '''''ECP521;''''' |
| + | # Force crypto proposal - '''enabled'''. |
| </td> | | </td> |
| </tr> | | </tr> |
| </table> | | </table> |
| + | |
| + | '''Force crypto proposal''' option as it simplifies which algorithm suite will be used for both phases. |
| | | |
| ==Testing the configuration== | | ==Testing the configuration== |