Microsoft states that its IKEv2 implementation provides the following capabilities:
"Supports IPsec end-to-end transport mode connections
Provides interoperability for Windows with other operating systems that use IKEv2 for end-to-end security
Supports Suite B (RFC 4869) requirements
Coexists with existing policies that deploy AuthIP/IKEv1
Uses the Windows PowerShell interface exclusively for configuration. You cannot configure IKEv2 through the user interface.
Uses certificates for the authentication mechanism"
Although RFC 4869 is now marked as obsoleted by RFC 6379, we can still consult it to clarify what exactly Microsoft implemented:
"3.1. Suite "Suite-B-GCM-128"

This suite provides ESP integrity protection and confidentiality
using 128-bit AES-GCM (see [RFC4106]). This suite or the following
suite should be used when ESP integrity protection and encryption are
both needed.

ESP:
  Encryption     AES with 128-bit keys and 16-octet Integrity
                 Check Value (ICV) in GCM mode [RFC4106]
  Integrity      NULL

IKEv2:
  Encryption                  AES with 128-bit keys in CBC mode
                              [RFC3602]
  Pseudo-random function      HMAC-SHA-256 [RFC4868]
  Integrity                   HMAC-SHA-256-128 [RFC4868]
  Diffie-Hellman group        256-bit random ECP group [RFC5903]

3.2. Suite "Suite-B-GCM-256"

This suite provides ESP integrity protection and confidentiality
using 256-bit AES-GCM (see [RFC4106]). This suite or the preceding
suite should be used when ESP integrity protection and encryption are
both needed.

ESP:
  Encryption     AES with 256-bit keys and 16-octet ICV in GCM mode
                 [RFC4106]
  Integrity      NULL

IKEv2:
  Encryption                  AES with 256-bit keys in CBC mode
                              [RFC3602]
  Pseudo-random function      HMAC-SHA-384 [RFC4868]
  Integrity                   HMAC-SHA-384-192 [RFC4868]
  Diffie-Hellman group        384-bit random ECP group [RFC5903]"
As we can see, AES in GCM mode is supported for IPsec Phase 2 (the ESP protocol), but not for IPsec Phase 1 (the IKEv2 protocol).
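
As an added example (not code from Microsoft or from the RFC), the Python below parses an IKEv2 Proposal substructure and reports which of the two quoted suites it is restricted to; it shows the closing point in practice, since a proposal offering AES-GCM for the IKE SA matches neither suite. The wire layout and the IANA transform numbers are taken from RFC 7296 and its registry rather than from this page, and the three hex proposals are constructed samples.

```python
import struct

# suite -> protocol (1=IKE, 3=ESP) -> transform type -> (IANA transform id, key bits)
# Types: 1=ENCR 2=PRF 3=INTEG 4=D-H; ENCR 12=AES-CBC, 20=AES-GCM with 16-octet ICV.
SUITES = {
    "Suite-B-GCM-128": {1: {1: (12, 128), 2: (5, None), 3: (12, None), 4: (19, None)},
                        3: {1: (20, 128)}},
    "Suite-B-GCM-256": {1: {1: (12, 256), 2: (6, None), 3: (13, None), 4: (20, None)},
                        3: {1: (20, 256)}},
}

def parse_proposal(buf):
    """Parse one Proposal substructure into (protocol, {type: {(id, key bits)}})."""
    _, _, length, _, proto, spi_size, count = struct.unpack_from("!BBHBBBB", buf)
    if length != len(buf):
        raise ValueError("proposal length does not match buffer")
    off, found = 8 + spi_size, {}
    for _ in range(count):
        _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, off)
        if tlen < 8 or off + tlen > length:
            raise ValueError("bad transform length")
        keylen, a = None, off + 8
        while a + 4 <= off + tlen:
            atype, aval = struct.unpack_from("!HH", buf, a)
            if atype == 0x800E:            # AF bit set, attribute 14 = Key Length
                keylen = aval
            a += 4 if atype & 0x8000 else 4 + aval   # TV is 4 bytes, TLV has a length
        found.setdefault(ttype, set()).add((tid, keylen))
        off += tlen
    return proto, found

def classify(proto, found):
    """Name the suite a proposal is restricted to; None if it allows anything else."""
    keep = (1, 2, 3, 4) if proto == 1 else (1, 3)    # rows the quoted tables define
    offered = {t: found[t] for t in keep if t in found}
    if proto == 3 and offered.get(3) == {(0, None)}:  # AUTH NONE is "Integrity NULL"
        del offered[3]
    for name, per_proto in SUITES.items():
        want = per_proto.get(proto)
        if want and offered == {t: {v} for t, v in want.items()}:
            return name
    return None

# Constructed sample proposals (not captured traffic), hex-encoded.
IKE_128 = bytes.fromhex("0000002c01010004" "0300000c0100000c800e0080"
                        "0300000802000005" "030000080300000c" "0000000804000013")
ESP_128 = bytes.fromhex("0000002001030402010203040300000c01000014800e00800000000805000000")
IKE_GCM = bytes.fromhex("0000002401010003" "0300000c01000014800e0080"  # GCM for IKE
                        "0300000802000005" "0000000804000013")
```

A proposal that lists alternatives for one transform type (for example both 128-bit and 256-bit AES-CBC) is reported as `None`, because the peer could select an algorithm outside the suite.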