You need to use specific settings with your on-premises router to ensure that your VPN connection is created successfully.

Phase 1 Internet Key Exchange (IKE) Settings

Settings marked with an * can't be changed in the VMC Console interface and are required for proper operation of the VPN tunnel. Settings not marked can be edited in the VMC Console. The values in the table are the recommended values. If you choose other values, please ensure that your on-premises gateway is set to match what you have set in the VMC Console.

| Attribute | Value |
| --- | --- |
| Protocol* | IKEv1 |
| ISAKMP mode* | Main mode (Disable aggressive mode) |
| ISAKMP/IKE SA lifetime* | 28800 seconds |
| Encryption Algorithm | AES-256 |
| Hashing Algorithm* | SHA-1 |
| Diffie Hellman | DH Group 2 |
| IPsec Mode* | Tunnel |
| IKE Authentication* | Pre-Shared Key |

Phase 2 Settings

| Attribute | Value |
| --- | --- |
| Encryption Algorithm | AES-256 |
| Hashing Algorithm* | SHA-1 |
| Tunnel Mode* | Encapsulating Security Payload (ESP) |
| Diffie Hellman | DH Group 2 |
| SA lifetime* | 3600 seconds (one hour) |
| Perfect forward secrecy (PFS)* | Enabled |
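
One way to check an on-premises gateway against the Phase 1 and Phase 2 values above, as an added example that is not VMware's own tooling. It assumes the gateway runs strongSwan with an ipsec.conf file and that the recommended values were kept in the VMC Console; the mapping to strongSwan option names, the connection name vmc and the sample configuration are constructed for illustration.

```python
import re
EXPECTED = {  # page values as strongSwan ipsec.conf options (assumed gateway)
    "keyexchange": "ikev1",         # Protocol*
    "aggressive": "no",             # Main mode*
    "ikelifetime": 28800,           # ISAKMP/IKE SA lifetime*, seconds
    "lifetime": 3600,               # Phase 2 SA lifetime*, seconds
    "authby": "secret",             # IKE Authentication*: Pre-Shared Key
    "type": "tunnel",               # IPsec Mode*
    "ike": "aes256-sha1-modp1024",  # Phase 1: AES-256, SHA-1, DH Group 2
    "esp": "aes256-sha1-modp1024",  # Phase 2: the DH group turns PFS on
}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):  # "8h" or "28800s" -> seconds; None if malformed
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    return int(m[1]) * UNITS[m[2]] if m else None

def parse_conn(text, name):  # key=value options of the "conn <name>" section
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():
            active = line.split() == ["conn", name]
        elif line and active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def mismatches(opts):  # (option, expected, found) for each differing setting
    out = []
    for key, want in EXPECTED.items():
        got = opts.get(key)  # an unset option is reported, not defaulted
        if got is not None:
            got = seconds(got) if isinstance(want, int) else got.lower().rstrip("!")
        if got != want:
            out.append((key, want, got))
    return out
SAMPLE = """\
conn vmc  # constructed sample, not a real gateway configuration
    keyexchange=ikev1
    aggressive=yes
    ikelifetime=8h
    lifetime=1h
    authby=secret
    type=tunnel
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
"""
print(mismatches(parse_conn(SAMPLE, "vmc")))
```

The sample is flagged twice: aggressive mode is on, and the esp proposal names no DH group, which leaves PFS off on the gateway side.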