AES-256 encryption broke Client VPN

Building a reputation

Not really a question, just sharing an experience.  Back in January we updated our firmware and had Meraki tech support change encryption standards so we could pass a PCI scan.  Found out today that the change actually had broken client VPN.

 

Meraki was using 256 and Windows was using 128.  This would not allow the connection to work.  Once tech support reverted the change on their end the connection began working again.

 

Client VPN is now fixed and working.  Now time to deal with the struggle of PCI.

3 REPLIES 3
Kind of a big deal

Re: AES-256 encryption broke Client VPN

It's not mentioned in the docs but yes, you have to check what encryption and DH groups your OS(es) support. If I recall correctly, Windows and MacOS don't always support the same combos.

Building a reputation

Re: AES-256 encryption broke Client VPN

We don't have that option on the customer side.  It has to be done on the Meraki tech side.

Kind of a big deal

Re: AES-256 encryption broke Client VPN

I've updated my client VPN wizard now so that it can now generate a Windows 10 PCI compliant VPN connection.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

It uses AES128+SHA1+DH Group 14.
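Added example, not part of the thread and not the output of the linked wizard: one way to pin a Windows 10 L2TP/IPsec connection to the AES128+SHA1+DH Group 14 proposal named above and read the policy back, so a mismatch shows up on the client before users hit it. The connection name, server address, PAP authentication, the "no PFS" setting, and applying the same cipher and hash to both IKE and ESP are assumptions.

```powershell
# Added example. Placeholder values below are constructed, not taken from the thread.
$Name   = 'Example-Meraki-VPN'        # hypothetical connection name
$Server = 'vpn.example.com'           # placeholder for the MX hostname
$Psk    = Read-Host 'Pre-shared key'  # prompt rather than hard-coding the secret

# Proposal quoted in the thread: AES128 + SHA1 + DH Group 14.
$Proposal = @{
    EncryptionMethod                 = 'AES128'   # IKE (phase 1) cipher
    IntegrityCheckMethod             = 'SHA1'     # IKE (phase 1) integrity
    DHGroup                          = 'Group14'  # IKE Diffie-Hellman group
    CipherTransformConstants         = 'AES128'   # ESP (phase 2) cipher
    AuthenticationTransformConstants = 'SHA196'   # ESP (phase 2) HMAC-SHA1-96
    PfsGroup                         = 'None'     # assumption: no PFS in phase 2
}

# Create the L2TP connection only if it does not already exist.
# PAP and EncryptionLevel Optional are assumptions about the server side.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
        -L2tpPsk $Psk -AuthenticationMethod Pap -EncryptionLevel Optional -Force
}

# Replace the Windows default proposals with the single custom proposal.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name @Proposal -Force

# Read the stored policy back and report any field that differs.
$policy = (Get-VpnConnection -Name $Name).IPsecCustomPolicy
$drift = foreach ($key in $Proposal.Keys) {
    if ("$($policy.$key)" -ne $Proposal[$key]) {
        "{0} is '{1}', expected '{2}'" -f $key, $policy.$key, $Proposal[$key]
    }
}

if ($drift) {
    Write-Warning "IPsec policy on '$Name' does not match the intended proposal:"
    $drift | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "IPsec policy on '$Name' matches AES128 + SHA1 + DH Group 14."
}
```

If the appliance side is later changed to a different cipher or DH group, the same hashtable is the single place to update on the client, and the read-back check confirms the stored policy before anyone tries to connect.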
