Roadwarrior <b>carol</b> proposes <b>3DES</b> encryption (together with
SHA-1 authentication) in the first place and <b>AES-128</b> encryption in
second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines
<b>ike=aes-128-sha</b> but will accept any other supported algorithm proposed
by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces
<b>esp=aes-128-sha1!</b> by applying the strict flag '!'.