cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client VPN with AES128 with DH Group 14

Highlighted
Getting noticed

Client VPN with AES128 with DH Group 14

This is the second time I've been given this task of making client VPN work with PCI standards.  Has anyone had any luck getting AES128 with DH Group 14 to work with Windows 10 VPN?

4 REPLIES 4
Highlighted
Conversationalist

Re: Client VPN with AES128 with DH Group 14

Hi Jwiley78

I never tried on my side but i'm interested in checking that as well

 

Have you ask Meraki to enable those as recommended in their documentation ?

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview#Encryption_Method

 

It seems though they only support AES128 and DH Group 5 (and only Group2 on Windows according to other discussion)

 

https://community.meraki.com/t5/Security-SD-WAN/AES-256-encryption-broke-Client-VPN/m-p/78951#M19826

Highlighted
Getting noticed

Re: Client VPN with AES128 with DH Group 14

I've had them enable it but now my client VPN will connect.

Highlighted
Kind of a big deal

Re: Client VPN with AES128 with DH Group 14

It is my understanding that the Windows 10 client VPN doe not support group 14.

 

So you can ask Meraki support to enable that, but I expect your Windows 10 client VPN to break.  You need to ask Microsoft to allow the use of stronger crypto for client VPN (especially since Windows 10 already supports it - just not for client L2TP VPN).

Highlighted
Kind of a big deal

Re: Client VPN with AES128 with DH Group 14

I've got this going now, and have updated my client VPN wizard to make it easy.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.