mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
6 lines
442 B
Plaintext
6 lines
442 B
Plaintext
The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
|
|
as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
|
|
<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
|
|
leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
|
|
<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
|