diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit
index 1dfdf35..ffe3291 100644
--- a/files/ipsec.conf.wit
+++ b/files/ipsec.conf.wit
@@ -17,8 +17,8 @@ conn %default
     dpdaction=restart
     type=transport
     keyexchange=ikev1
-    ike=aes128-sha1-modp2048!
-    esp=aes128-sha1-modp2048!
+    ike=aes256-sha512-modp4096,aes128-sha1-modp2048!
+    esp=aes256-sha512-modp4096,aes128-sha1-modp2048!
     leftcert=FQHOSTNAME.crt
     leftid="C=US, O=Wit, CN=FQHOSTNAME"
     rightid="C=US, O=Wit, CN=*"