On Thu, 7 Nov 2013, Tero Kivinen wrote:
The VPN products from Cisco, Juniper and Check Point support them,
as well as both StrongSwan and OpenSwan. I'm sure there are others
as well.
But which version of their products support which version of the ECC
groups?
So have you actually seen anyone actually using those groups between
different vendors? I think quite a lot of our customers still have
IKEv1 configured by default
Yes, with 3des-md5 and pfs disabled. Every single time I talk to a
sysadmin configuring interop to a Cisco. I don't think it is the
vendor's fault. It's that IPsec is too complicated for sysadmins,
so the documentation from 15 years ago is still re-used today.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
