MTU considerations

The maximum transmission unit (MTU) is the size, in bytes, of the largest packet supported by a network layer protocol, including both headers and IP packet payload.

Network packets sent over a VPN tunnel are encrypted and then encapsulated in an outer packet so that they can be routed. Cloud VPN tunnels use IPsec and ESP for encryption and encapsulation. Because the encapsulated inner packet must itself fit within the MTU of the outer packet, its maximum IP packet payload must be smaller.

Encapsulation and fragmentation

Cloud VPN uses prefragmentation. Enable prefragmentation on your VPN gateway so that packets that it sends are fragmented before they are encrypted and encapsulated. Packets sent from your peer systems must have the DF bit turned off.

Gateway MTU versus payload MTU

Cloud VPN differentiates between the Cloud VPN gateway MTU and the Cloud VPN payload MTU.

Configure your peer VPN gateway to use an MTU of no greater than 1460 bytes. We recommend a value of 1460 bytes so that your peer VPN gateway and the Cloud VPN gateway match.

The actual MTU for packets using a VPN tunnel can be lower than the Cloud VPN payload MTU if, for any reason, an element in the path has a lower MTU. The actual MTU is affected by the following:

  • For TCP traffic, MSS clamping rewrites the SYN packet of the initial TCP handshake. This action lets systems dynamically adjust maximum segment size (MSS) to accommodate encapsulation. The value for MSS clamping is set to the maximum IP packet payload minus 40 bytes. The maximum IP packet payload depends on the cipher used to encrypt traffic over Cloud VPN.

  • For TCP and UDP traffic, if your firewall rule permits ICMP traffic, then Path MTU Discovery (PMTUD) can negotiate smaller MTU sizes under certain circumstances.

HA VPN over Cloud Interconnect gateway MTU versus payload MTU

HA VPN over Cloud Interconnect differentiates between the HA VPN over Cloud Interconnect gateway MTU and the HA VPN over Cloud Interconnect payload MTU.

Configure your peer VPN gateway to use an MTU of no greater than 1440 bytes. We recommend a value of 1440 bytes so that your peer VPN gateway and the HA VPN over Cloud Interconnect gateway match.

The actual MTU for packets using a VPN tunnel can be lower than the HA VPN over Cloud Interconnect payload MTU if, for any reason, an element in the path has a lower MTU. The actual MTU is affected by the following:

  • For TCP traffic, MSS clamping rewrites the SYN packet of the initial TCP handshake. This action lets systems dynamically adjust maximum segment size (MSS) to accommodate encapsulation. The value for MSS clamping is set to the maximum IP packet payload minus 40 bytes. The maximum IP packet payload depends on the cipher used to encrypt traffic over Cloud VPN.

  • For TCP and UDP traffic, if your firewall rule permits ICMP traffic, then Path MTU Discovery (PMTUD) can negotiate smaller MTU sizes under certain circumstances.

Performance considerations

MSS clamping and PMTUD do not solve every cause of packet loss. Consider these strategies to ensure that systems can reliably communicate over a Cloud VPN tunnel:

  • If the MTU of your on-premises VPN gateway is set to 1460 bytes, consider setting the MTU of on-premises and Google Cloud VMs to 1390 bytes if:

    • MSS clamping doesn't mitigate packet loss for TCP traffic.
    • You are sending UDP traffic, and PMTUD is not possible. For example, not all UDP applications can take advantage of PMTUD.

  • If you configured the MTU of your peer VPN gateway to a value less than 1440 bytes, you must determine an acceptable MTU for peer systems and Google Cloud VMs. This MTU must be approximately 70 bytes lower than the MTU of your gateway.

Encrypted traffic MTU values

Cloud VPN payload MTU values

The Cloud VPN payload MTU depends on the ciphers chosen in your Cloud VPN connection.

Payload MTU for AEAD ciphers

The following table shows phase 1 to phase 2 cipher combinations for AEAD ciphers. The Cloud VPN payload MTU for the following combinations is 1406. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1386.

Phase 1 Phase 2
AES-GCM-16-128 AES-GCM-16-128
AES-GCM-16-192 AES-GCM-16-192
AES-GCM-16-256 AES-GCM-16-256
AES-GCM-16-128 AES-GCM-16-192
AES-GCM-16-192 AES-GCM-16-128
AES-GCM-16-256 AES-GCM-16-192
AES-GCM-16-128 AES-GCM-16-256
AES-GCM-16-192 AES-GCM-16-256
AES-GCM-16-256 AES-GCM-16-128

Payload MTU for non-AEAD ciphers

The following table shows phase 1 to phase 2 cipher combinations for non-AEAD ciphers that have an Cloud VPN payload MTU of 1374. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1354.

Phase 1 - Encryption Phase 1 - Integrity Phase 2 - Encryption Phase 2 - Integrity
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256

The following table shows phase 1 to phase 2 cipher combinations for non-AEAD cipher that have an Cloud VPN payload MTU of 1390. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1370.

Phase 1 - Encryption Phase 1 - Integrity Phase 2 - Encryption Phase 2 - Integrity
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96

What's next

  • To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
  • To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.