04-19-2018 08:13 AM - edited 03-12-2019 05:13 AM
Hi
We currently have site-to-site VPNs to various 3rd parties. I am in the process of reviewing the current proposals and updating these.
Currently we use IKEv1, AES-256, SHA-1, DH group 5, lifetime 86400, no PFS.
I am planning to use IKEv2, AES-256, SHA-256, DH group 21, lifetime 28800, PFS group 5.
What are the industry best practices for a standard VPN tunnel at this time? I want to have a generic template but then also tighten the proposal where required.
Am I right in thinking this may depend on the 3rd party type and firewall resources, or should I go for the best as long as there is firewall resource available and the other end supports it?
04-19-2018 08:28 AM
Here are the Cisco recommended encryption algorithms:
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
I believe the recommended settings are Suite-B-GCM:
https://tools.ietf.org/html/rfc6379
If the VPN peer supports it and there is no performance problem, I would go with the recommended settings.
HTH
Bogdan
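To make the comparison in the question and the "go with the strongest the peer supports" advice in the answer concrete, here is an added example (not code from the thread, Cisco, or RFC 6379): a small checker that grades the two proposals above against an assumed policy. The tier table is this example's own approximation of Cisco's NGE categories and Suite-B-GCM, not a quotation of either document.

```python
# Added example: grade IKE/IPsec proposals against an assumed strength policy.
# Tier values are an assumption modelled loosely on Cisco NGE / RFC 6379 tiers:
#   0 = avoid, 1 = legacy, 2 = acceptable, 3 = next-generation.
from dataclasses import dataclass
from typing import List, Optional, Iterable

DH_TIER = {1: 0, 2: 0, 5: 1, 14: 2, 15: 2, 16: 2, 19: 2, 20: 3, 21: 3}
HASH_TIER = {"md5": 0, "sha-1": 1, "sha256": 2, "sha384": 3, "sha512": 3}
ENC_TIER = {"des": 0, "3des": 1, "aes128": 2, "aes256": 2, "aes-gcm-256": 3}
ACCEPTABLE = 2  # minimum tier a proposal element must reach to pass


@dataclass
class Proposal:
    ike_version: int
    encryption: str
    integrity: str
    dh_group: int
    lifetime: int                 # seconds
    pfs_group: Optional[int]      # None means PFS is disabled


def check_proposal(p: Proposal) -> List[str]:
    """Return one finding per weak element; an empty list means the proposal passes."""
    findings = []
    if p.ike_version == 1:
        findings.append("IKEv1 in use; prefer IKEv2")
    if ENC_TIER.get(p.encryption.lower(), 0) < ACCEPTABLE:
        findings.append(f"encryption {p.encryption} is weak/legacy")
    if HASH_TIER.get(p.integrity.lower(), 0) < ACCEPTABLE:
        findings.append(f"integrity {p.integrity} is weak/legacy")
    if DH_TIER.get(p.dh_group, 0) < ACCEPTABLE:
        findings.append(f"DH group {p.dh_group} is weak/legacy")
    if p.pfs_group is None:
        findings.append("PFS disabled; a compromised IKE key exposes past child SAs")
    elif DH_TIER.get(p.pfs_group, 0) < ACCEPTABLE:
        findings.append(f"PFS group {p.pfs_group} is weak/legacy")
    elif DH_TIER.get(p.pfs_group, 0) < DH_TIER.get(p.dh_group, 0):
        findings.append(f"PFS group {p.pfs_group} is weaker than IKE DH group {p.dh_group}")
    return findings


def strongest_common_dh(ours: Iterable[int], theirs: Iterable[int]) -> Optional[int]:
    """Pick the highest-tier DH group both peers support (ties broken by group number)."""
    common = set(ours) & set(theirs)
    return max(common, key=lambda g: (DH_TIER.get(g, 0), g), default=None)


# Constructed inputs: the current and planned proposals from the question.
CURRENT = Proposal(1, "aes256", "sha-1", 5, 86400, None)
PLANNED = Proposal(2, "aes256", "sha256", 21, 28800, 5)
```

Running `check_proposal(PLANNED)` still flags PFS group 5 as legacy: the planned template upgrades IKE to group 21 but keeps the weaker group for the child SAs.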