Client VPN with AES128 with DH Group 14

Jwiley78
Building a reputation

Client VPN with AES128 with DH Group 14

This is the second time I've been given this task of making client VPN work with PCI standards.  Has anyone had any luck getting AES128 with DH Group 14 to work with Windows 10 VPN?

4 REPLIES 4
Jerome_EVAGroup
Here to help

Hi Jwiley78

I never tried on my side but i'm interested in checking that as well

 

Have you ask Meraki to enable those as recommended in their documentation ?

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview#Encryption_Method

 

It seems though they only support AES128 and DH Group 5 (and only Group2 on Windows according to other discussion)

 

https://community.meraki.com/t5/Security-SD-WAN/AES-256-encryption-broke-Client-VPN/m-p/78951#M19826

I've had them enable it but now my client VPN will connect.

PhilipDAth
Kind of a big deal
Kind of a big deal

It is my understanding that the Windows 10 client VPN doe not support group 14.

 

So you can ask Meraki support to enable that, but I expect your Windows 10 client VPN to break.  You need to ask Microsoft to allow the use of stronger crypto for client VPN (especially since Windows 10 already supports it - just not for client L2TP VPN).

PhilipDAth
Kind of a big deal
Kind of a big deal

I've got this going now, and have updated my client VPN wizard to make it easy.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels