IPset Network Segmentation Virtual Tunnel Interface (VTI) Encapsulating Security Payload (ESP) Network Address Translation (NAT) Source/Destination Check Subnet TLS Cipher Suite VPC 3DES Advanced Encryption Standard Autonomous System Border Gateway Protocol CIDR Clientpack Destination NAT Diffie-Helman Encryption Internet Key Exchange (IKE) IP Forwarding Maximum Transmission Unit (MTU) Network Sniffer OpenVPN Overlay Network Perfect Forward Secrecy (PFS) Security Association (SA) SHA SNMP Transmission Control Protocol (TCP) Transport Layer Security (TLS) User Datagram Protocol (UDP) VNS3 Peer VNS3 Routing Agent Wireguard Workforce Service Edge x509 Certificate Ipsec

Diffie-Helman

Diffie–Hellman is a public key exchange algorithm used in IPsec connections for establishing a secret communication over an untrusted network.

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process:

• DH Group 1: 768-bit group
• DH Group 2: 1024-bit group
• DH Group 5: 1536-bit group
• DH Group 14: 2048-bit group
• DH Group 15: 3072-bit group
• DH Group 19: 256-bit elliptic curve group
• DH Group 20: 384-bit elliptic curve group

The DH group is negotiated during phase 1 of the IPsec negotiation process. Both peers must agree on a group. Diffie-Hellman groups may also be used in Phase 2 of an IPsec connection when using Perfect Forward Secrecy.