AES-256 encryption broke Client VPN

Jwiley78
Building a reputation

Not really a question, just sharing an experience. Back in January we updated our firmware and had Meraki tech support change encryption standards so we could pass a PCI scan. Found out today that the change had actually broken client VPN.

Meraki was using 256 and Windows was using 128.  This would not allow the connection to work.  Once tech support reverted the change on their end the connection began working again.

Client VPN is now fixed and working.  Now time to deal with the struggle of PCI.

Nash
Kind of a big deal

It's not mentioned in the docs but yes, you have to check what encryption and DH groups your OS(es) support. If I recall correctly, Windows and macOS don't always support the same combos.

Jwiley78
Building a reputation

We don't have that option on the customer side.  It has to be done on the Meraki tech side.

PhilipDAth
Kind of a big deal

I've updated my client VPN wizard so that it can now generate a Windows 10 PCI-compliant VPN connection.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

It uses AES128+SHA1+DH Group 14.
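
An added example, not part of the thread and not the output of the wizard linked above: a PowerShell check that reads the IPsec proposal configured on a Windows client VPN connection, compares it with the AES128+SHA1+DH Group 14 suite mentioned in the reply, and pins it if it differs. The connection name is hypothetical, and applying the same cipher and hash to both the IKE and ESP phases with no PFS is an assumption; the MX side has to offer a matching proposal.

```powershell
# Added example. $Name is a hypothetical connection name; the L2TP/IPsec
# connection is assumed to exist already in the current user's profile.
$Name = 'Meraki-ClientVPN'

# Suite from the thread: AES128 + SHA1 + DH Group 14.
# Assumption: same cipher/hash for IKE (main mode) and ESP (quick mode), no PFS.
$Want = @{
    EncryptionMethod                 = 'AES128'   # IKE cipher
    IntegrityCheckMethod             = 'SHA1'     # IKE hash
    DHGroup                          = 'Group14'  # IKE key exchange
    CipherTransformConstants         = 'AES128'   # ESP cipher
    AuthenticationTransformConstants = 'SHA196'   # ESP HMAC-SHA1-96
    PfsGroup                         = 'None'
}

# Returns one message per setting that differs from $Expected (nothing if all match).
function Test-VpnProposal {
    param([string]$ConnectionName, [hashtable]$Expected)
    $policy = (Get-VpnConnection -Name $ConnectionName -ErrorAction Stop).IPSecCustomPolicy
    if (-not $policy) {
        return @('no custom IPsec policy set (Windows default proposals in use)')
    }
    foreach ($key in $Expected.Keys) {
        $actual = "$($policy.$key)"
        if ($actual -ne $Expected[$key]) {
            "$key is '$actual', expected '$($Expected[$key])'"
        }
    }
}

$drift = @(Test-VpnProposal -ConnectionName $Name -Expected $Want)
if ($drift.Count -gt 0) {
    $drift | ForEach-Object { Write-Warning $_ }
    # Pin the proposal so the client offers exactly this suite.
    Set-VpnConnectionIPsecConfiguration -ConnectionName $Name @Want -Force
    $drift = @(Test-VpnProposal -ConnectionName $Name -Expected $Want)
}
if ($drift.Count -eq 0) { "IPsec proposal on '$Name' matches the expected suite." }
```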
