Before you start building an IPsec VPN tunnel between your on-prem firewall/router and Infoblox NIOS-XaaS, you need to set up some prerequisites in the Infoblox Portal.

...

| Algorithm Type | Supported Algorithms |
|---|---|
| Encryption | AES128-GCM, AES256-GCM, AES-128, AES-256, ECP-256 |
| Integrity/Authentication | SHA2-256, SHA2-384, SHA2-512 ("non-auth/none" if you are using GCM encryption) |
| Diffie-Hellman Groups | 14 (2048-bit MODP) |
| Lifetime | 48 hours |
| Rekey time | 4 hours |

...

| Algorithm Type | Supported Algorithms |
|---|---|
| Encryption | AES128-GCM, AES256-GCM, AES-128, AES-256, ECP-256 |
| Integrity/Authentication | SHA2-256, SHA2-384, SHA2-512 (if you are using GCM encryption, this can optionally be set to "non-auth/none") |
| Diffie-Hellman Groups | 14 (2048-bit MODP) |
| Lifetime | 23 hours |
| Rekey time | 4 hours |

...

The following tunnel service statuses are reported:

  • Not Ready (status color ORANGE): Indicates that the service is in the process of being provisioned at the Infoblox PoP (service location). This is a one-time state; it will not revert to this state once it changes.

  • Ready (status color ORANGE): Indicates the backend for the tunnel(s) is provisioned, but the link is not physically connected at the customer site. This is a one-time state; it will not revert to this state once it changes. 

  • Connected (status color GREEN): All tunnels are active and operational on both ends: both the Infoblox PoP and the customer site (router). 

  • Not Connected (status color RED): Indicates that all tunnels are down.

  • Degraded (status color ORANGE): Indicates that there are multiple tunnels to one Availability Zone and one or more (but not all) of them are down; the failure of any existing tunnel results in a degraded state. Degradation is based on tunnel metrics such as latency and packet loss.

...