The maximum transmission unit (MTU) is the size, in bytes, of the largest packet supported by a network layer protocol, including both headers and IP packet payload.
Network packets sent over a VPN tunnel are encrypted and then encapsulated in an outer packet so that they can be routed. Cloud VPN tunnels use IPsec and ESP for encryption and encapsulation. Because the encapsulated inner packet must itself fit within the MTU of the outer packet, its maximum IP packet payload must be smaller.
Encapsulation and fragmentation
Cloud VPN uses prefragmentation. Enable prefragmentation on
your VPN gateway so that packets that it sends are fragmented before they are
encrypted and encapsulated. Packets sent from your
peer systems must have the
DF
bit turned off.
Gateway MTU versus payload MTU
Cloud VPN differentiates between the Cloud VPN gateway MTU and the Cloud VPN payload MTU.
Configure your peer VPN gateway to use an MTU of no greater than 1460 bytes. We recommend a value of 1460 bytes so that your peer VPN gateway and the Cloud VPN gateway match.
The actual MTU for packets using a VPN tunnel can be lower than the Cloud VPN payload MTU if, for any reason, an element in the path has a lower MTU. The actual MTU is affected by the following:
For TCP traffic, MSS clamping rewrites the SYN packet of the initial TCP handshake. This action lets systems dynamically adjust maximum segment size (MSS) to accommodate encapsulation. The value for MSS clamping is set to the maximum IP packet payload minus 40 bytes. The maximum IP packet payload depends on the cipher used to encrypt traffic over Cloud VPN.
For TCP and UDP traffic, if your firewall rule permits ICMP traffic, then Path MTU Discovery (PMTUD) can negotiate smaller MTU sizes under certain circumstances.
HA VPN over Cloud Interconnect gateway MTU versus payload MTU
HA VPN over Cloud Interconnect differentiates between the HA VPN over Cloud Interconnect gateway MTU and the HA VPN over Cloud Interconnect payload MTU.
Configure your peer VPN gateway to use an MTU of no greater than 1440 bytes. We recommend a value of 1440 bytes so that your peer VPN gateway and the HA VPN over Cloud Interconnect gateway match.
The actual MTU for packets using a VPN tunnel can be lower than the HA VPN over Cloud Interconnect payload MTU if, for any reason, an element in the path has a lower MTU. The actual MTU is affected by the following:
For TCP traffic, MSS clamping rewrites the SYN packet of the initial TCP handshake. This action lets systems dynamically adjust maximum segment size (MSS) to accommodate encapsulation. The value for MSS clamping is set to the maximum IP packet payload minus 40 bytes. The maximum IP packet payload depends on the cipher used to encrypt traffic over Cloud VPN.
For TCP and UDP traffic, if your firewall rule permits ICMP traffic, then Path MTU Discovery (PMTUD) can negotiate smaller MTU sizes under certain circumstances.
Performance considerations
MSS clamping and PMTUD do not solve every cause of packet loss. Consider these strategies to ensure that systems can reliably communicate over a Cloud VPN tunnel:
If the MTU of your on-premises VPN gateway is set to 1460 bytes, consider setting the MTU of on-premises and Google Cloud VMs to 1390 bytes if:
- MSS clamping doesn't mitigate packet loss for TCP traffic.
- You are sending UDP traffic, and PMTUD is not possible. For example, not all UDP applications can take advantage of PMTUD.
If you configured the MTU of your peer VPN gateway to a value less than 1440 bytes, you must determine an acceptable MTU for peer systems and Google Cloud VMs. This MTU must be approximately 70 bytes lower than the MTU of your gateway.
Encrypted traffic MTU values
Cloud VPN payload MTU values
The Cloud VPN payload MTU depends on the ciphers chosen in your Cloud VPN connection.
Payload MTU for AEAD ciphers
The following table shows phase 1 to phase 2 cipher combinations for AEAD ciphers. The Cloud VPN payload MTU for the following combinations is 1406. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1386.
Phase 1 | Phase 2 |
---|---|
AES-GCM-16-128 | AES-GCM-16-128 |
AES-GCM-16-192 | AES-GCM-16-192 |
AES-GCM-16-256 | AES-GCM-16-256 |
AES-GCM-16-128 | AES-GCM-16-192 |
AES-GCM-16-192 | AES-GCM-16-128 |
AES-GCM-16-256 | AES-GCM-16-192 |
AES-GCM-16-128 | AES-GCM-16-256 |
AES-GCM-16-192 | AES-GCM-16-256 |
AES-GCM-16-256 | AES-GCM-16-128 |
Payload MTU for non-AEAD ciphers
The following table shows phase 1 to phase 2 cipher combinations for non-AEAD ciphers that have an Cloud VPN payload MTU of 1374. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1354.
Phase 1 - Encryption | Phase 1 - Integrity | Phase 2 - Encryption | Phase 2 - Integrity |
---|---|---|---|
AES-CBC-128 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-512-256 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-512-256 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-512-256 |
The following table shows phase 1 to phase 2 cipher combinations for non-AEAD cipher that have an Cloud VPN payload MTU of 1390. The HA VPN over Cloud Interconnect payload MTU for the following combinations is 1370.
Phase 1 - Encryption | Phase 1 - Integrity | Phase 2 - Encryption | Phase 2 - Integrity |
---|---|---|---|
AES-CBC-128 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-128 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-192 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA1-96 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-256-128 |
AES-CBC-256 | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | AES-XCBC-96 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | AES-XCBC-96 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | AES-XCBC-96 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | AES-CMAC-96 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | AES-CMAC-96 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | AES-CMAC-96 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA1-96 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-MD5-96 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA256-128 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA384-192 | AES-CBC-256 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-128 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-192 | HMAC-SHA1-96 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA2-256-128 |
3DES-CBC | HMAC-SHA512-256 | AES-CBC-256 | HMAC-SHA1-96 |
What's next
- To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
- To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.