Ingate Systems has tested Ingate Firewall's VPN interoperability with several of the market-leading firewalls and security gateways. These tests show that Ingate VPN works with all products meeting the requirements listed below.
General requirements
The IETF standards IPSec and IKE must be supported.
Preshared keys or X.509 certificates must be used as the authentication method (VPN clients must use X.509 certificates). Methods using digital signatures also exist, but are not supported by Ingate VPN.
Main Mode must be supported. Ingate Firewall does not support Aggressive Mode.
The 3DES encryption algorithm or the AES encryption algorithm must be supported. 3DES encrypts with a 168-bit key, and some countries do not allow export of products with such a strong encryption algorithm. For AES, Ingate Firewall proposes 128-bit encryption, but accepts 192-bit and 256-bit encryption when proposed by a VPN peer.
ESP must encrypt the traffic. The ESP standard permits authentication only, but Ingate VPN will not permit this for security reasons.
At least one of the MD5 or SHA-1 authentication algorithms must be supported. Almost all security products support these methods.
Tunnel mode must be used. Transport mode is not supported.
PFS (Perfect Forward Secrecy), group 2 or 5, must be supported. PFS is turned off by default in some products.
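
The requirements above can be checked against a peer's configured IKE/IPsec profile before a tunnel is attempted. The following is an added example, not Ingate code; the field names, value spellings and sample profiles are assumptions made for the illustration.

```python
# Added example, not Ingate code. Field names and value spellings are assumed.
AES_KEY_BITS = {128, 192, 256}   # 128 is proposed; 192 and 256 are accepted


def check_peer(profile):
    """Return the list of requirements a peer profile violates (empty = OK)."""
    problems = []

    auth = profile.get("auth")
    if auth not in ("psk", "x509"):
        problems.append("auth: use preshared keys or X.509 certificates")
    elif profile.get("role") == "client" and auth != "x509":
        problems.append("auth: VPN clients must use X.509 certificates")

    if profile.get("ike_mode") != "main":
        problems.append("ike_mode: Main Mode required, Aggressive Mode unsupported")

    enc = profile.get("encryption")
    if enc in (None, "null"):
        problems.append("encryption: authentication-only ESP is not permitted")
    elif enc == "aes":
        if profile.get("aes_key_bits") not in AES_KEY_BITS:
            problems.append("encryption: AES key must be 128, 192 or 256 bits")
    elif enc != "3des":
        problems.append("encryption: only 3DES or AES is supported")

    if profile.get("esp_auth") not in ("md5", "sha1"):
        problems.append("esp_auth: MD5 or SHA-1 required")
    if profile.get("ipsec_mode") != "tunnel":
        problems.append("ipsec_mode: tunnel mode required, transport unsupported")
    if profile.get("pfs_group") not in (2, 5):
        problems.append("pfs_group: PFS group 2 or 5 required (often off by default)")
    return problems


# Constructed sample profiles.
GATEWAY_OK = {"role": "gateway", "auth": "psk", "ike_mode": "main",
              "encryption": "aes", "aes_key_bits": 256, "esp_auth": "sha1",
              "ipsec_mode": "tunnel", "pfs_group": 5}
CLIENT_BAD = {"role": "client", "auth": "psk", "ike_mode": "aggressive",
              "encryption": "null", "esp_auth": "sha1",
              "ipsec_mode": "transport", "pfs_group": None}

if __name__ == "__main__":
    for name, p in (("gateway", GATEWAY_OK), ("client", CLIENT_BAD)):
        print(name, check_peer(p) or "compatible")
```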