Before you start building an IPsec VPN tunnel between your on-prem firewall/router and Infoblox NIOS-XaaS, you will need to set up some prerequisites in the Infoblox Portal:
A “PSK Credential” (Configure > Administration > Credentials). Add a “Pre Shared Key” credential. This is the IPsec VPN PSK.
A “Location” (Configure > Administration > Location). The “Location” object represents the site that you are creating the VPN from. For example, if you have 20 offices that you want to connect to NIOS-XaaS, you will need to configure 20 locations.
An “As-A-Service” instance (Configure > Service Deployment > As-A-Service) that links to the Location and PSK Credential.
...
Phase 1 Crypto Settings (IKE)
Algorithm Type | Supported Algorithms |
Encryption | AES128-GCM, AES256-GCM, AES-128, AES-256 |
Integrity | SHA2-256, SHA2-384, SHA2-512 |
Diffie-Hellman Groups | 14 (2048-bit MODP) |
Lifetime | 48 hours |
On Palo Alto Networks, PFS must be set to “None” rather than 14 if Encryption is set to use the Grid Master Candidate.
...
Phase 2 Crypto Settings (IPsec)
Algorithm Type | Supported Algorithms |
Encryption | AES128-GCM, AES256-GCM, AES-128, AES-256 |
Integrity | SHA2-256, SHA2-384, SHA2-512 |
Diffie-Hellman Groups | 14 (2048-bit MODP) |
Lifetime | 23 hours |
On Palo Alto Networks, PFS must be set to “None” rather than 14 if Encryption is set to use the Grid Master Candidate.
...