Question 66

You are an Azure Solution Architect at a large energy company. You are configuring a point-to-site VPN.

You create an Azure VpnGw2 gateway and need to configure it to support specific cryptographic algorithms for a mixed environment consisting of Windows and Mac devices.

Choose all that apply:





You can enable RADIUS or IKEv2 on already deployed gateways by using either PowerShell or the Azure portal. The gateway SKU VpnGw2 supports both RADIUS and IKEv2.

Your IPsec/IKE policy must specify all algorithms and parameters for both IKE (Main Mode) and IPsec (Quick Mode). Partial policy specifications are not supported.

You can define a custom policy to use a key strength other than that used in the default policy.

You cannot apply both a custom and a default policy to a connection. To use algorithms that are not included in the default policy, you must define and apply a custom policy that specifies all IKE and IPsec algorithms, including the specific algorithms you want to add. When you apply a custom policy to a connection, it replaces the default policy.

When you configure both SSTP and IKEv2 in a mixed environment consisting of Windows and Mac devices, the Windows VPN client attempts an IKEv2 tunnel first and falls back to SSTP if the IKEv2 connection is not successful. Mac OS X connects only via IKEv2.

Only self-signed root certificates can be used. You can upload 20 root certificates for point-to-site connectivity.

You can use your enterprise PKI solution (your internal PKI), Azure PowerShell, MakeCert, or OpenSSL to create certificates.



