cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I see the parameters chosen by the autoVPN?

SOLVED
Highlighted
Here to help

Can I see the parameters chosen by the autoVPN?

hello guys,

I have a doubt, we know that part of the wonder of meraki is the easy implementation of VPN or AutoVPN, but part of it is the self-selection of the VPN parameters (algortimos, hashes, etc.).

 

Then I want to know if in some way it is possible to validate which are these parameters or if they are always the same by default, and in this case which serial default?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Can I see the parameters chosen by the autoVPN?

As far as I know there isn't a Phase 1 on AutoVPN. The key exchange part is handled by the Dashboard with keys generated randomly and delivered via the mtunnel to each MX. 

 

As for the Phase 2 stuff, Meraki has previously stated AES128, though I have seen some stuff saying they were supposed to be moving to AES256 at some point. I'm not sure where that's at. 

 

Meraki does have a Whitepaper on the topic;

 

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_autovpn.pdf

 

But that is a little light on specifics. 

View solution in original post

2 REPLIES 2
Highlighted
Kind of a big deal

Re: Can I see the parameters chosen by the autoVPN?

As far as I know there isn't a Phase 1 on AutoVPN. The key exchange part is handled by the Dashboard with keys generated randomly and delivered via the mtunnel to each MX. 

 

As for the Phase 2 stuff, Meraki has previously stated AES128, though I have seen some stuff saying they were supposed to be moving to AES256 at some point. I'm not sure where that's at. 

 

Meraki does have a Whitepaper on the topic;

 

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_autovpn.pdf

 

But that is a little light on specifics. 

View solution in original post

Here to help

Re: Can I see the parameters chosen by the autoVPN?

Thank you!!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.