> Is there a reason for using "aesxcbc" for ike? Doesn't aes-gcm provide > both authenticity and confidentiality? It does, but IKE additionally requires a PRF. In this example, aesxcbc is used for that. > Also, if I want to use the transport mode for the above configuration, > do I need to worry about anything? No. Regards Martin