There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections.

Customer gateway devices supporting statically-routed VPN connections MUST be able to:

• Establish IKE Security Association using Pre-Shared KEYS
• Establish IPsec Security Associations in Tunnel mode
• Utilize the AES 128-bit or 256-bit encryption function
• Utilize the SHA-1 or SHA-2 (256) HASHING function
• Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in "Group 2" mode, or one of the additional DH groups we support
• Perform packet fragmentation prior to encryption
• In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:
• Establish Border Gateway Protocol (BGP) peerings
• BIND tunnels to logical interfaces (route-based VPN)
• Utilize IPsec Dead Peer Detection

There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections.

Customer gateway devices supporting statically-routed VPN connections must be able to: