From the course: Azure Network Engineer Associate (AZ-700) Cert Prep: Design, Implement, and Manage Connectivity Services


Configure IPSec/IKE


- [Instructor] The exam may test your knowledge of configuring custom IPsec/IKE policies for site-to-site VPN. And you may ask yourself, why would we configure a custom IPsec/IKE policy in the first place? Well, these policies affect encryption on connections in VNet-to-VNet and site-to-site scenarios. But why custom? Well, it allows you to choose algorithm and settings for both encryption and integrity. This impacts encryption strength and performance of the connection and potentially overall security. So Microsoft has shown us performance, and they said choosing GCMAES256 for both encryption and integrity was best. And then they showed us average and lowest options. Unless your on-premises device doesn't support it, GCMAES256 is always going to be the way you would go, but your device capabilities in the on-prem scenario in the site-to-site scenario will dictate. So, earlier in the course, we looked at the site-to-site VPN scenario, connecting Azure to on-prem, and we looked at the…
