Diffie-Hellman Groups 14+ support

Chriz_J
Here to help

Hi folks,

 

I'm new to the community and looking forward to exchanging with you.

Regarding the DH groups currently supported by the MX devices, I would like to ask if it's known when safer groups will be supported?

I'm especially interested in when 19, 20 & 21 will be available for VPN configuration via MX?

 

Thank you guys,

Chriz

4 Replies
PhilipDAth
Kind of a big deal

I would like Suite-B support in general, even though it is already on the way out thanks to the awesome power of Quantum computing for breaking the current crypto algorithms. We'll have to see what replaces it.

 

IKEv2 support is now available on the 15.x beta code train upon special request from support for non-Meraki VPNs.  Although not directly related, this tells us the VPN sub-system has had a big upgrade under the hood.  If you were upgrading the VPN subsystem it seems reasonable that a crypto refresh would be done at the same time.

Chriz_J
Here to help

Thanks for your reply Philip,

 

I've passed on my request regarding IKEv2 to support and asked at the same time when we can expect the feature update.

I'll get back to this topic and leave you guys an update as soon as I have received feedback.

Chriz_J
Here to help

As promised, here is the feedback as I got it from support:

 

At this current time, this is not an available feature and we only offer support for DH Groups 1, 2 & 5. I'm afraid I do not have any information as to if/when this will be changed.
You can make a feature request by going to the bottom right-hand corner of any dashboard window and sending the request through the "Make a wish" button.

 

I had already used the "Make a wish" form. 

I asked support for an alternative and whether the new MX series is likely to support IKEv2; otherwise we need to ship back our order because we have to comply with certain security standards towards our customers.

 

How did you guys solve this security 'issue'?

 

Regards,

Chr1z

Robin777
Conversationalist

Hello all,

I have now implemented Meraki in one of our branch offices, and I noticed this now...

Now we have a lot of trouble with German customers who are not willing to do network peering without higher DH groups.

@Meraki, please understand that higher DH groups are necessary for enterprise products...

Best regards

Robin
