cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Diffie-Hellman Groups 14+ support

Highlighted
Here to help

Diffie-Hellman Groups 14+ support

Hi folks,

 

I'm new to the community and looking forward to exchange with you.

In case of the currently supported DH groups by the MX devices, I would like to ask if it's known when safer groups will be supported?

I'm especially interested at when 19, 20 & 21 will be available for VPN configuration via MX? 

 

Thank u guys,

Chriz

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Diffie-Hellman Groups 14+ support

I would like Suite-B support in general, even though it is already on the way out thanks to the awesome power of Quantum computing for breaking the current crypto algorithyms.  We'll have to see what replaces it.

 

IKEv2 support is now available on the 15.x beta code train upon special request from support for non-Meraki VPNs.  Although not directly related, this tells us the VPN sub-system has had a big upgrade under the hood.  If you were upgrading the VPN subsystem it seems reasonable that a crypto refresh would be done at the same time.

Here to help

Re: Diffie-Hellman Groups 14+ support

Thanks for your reply Philip,

 

I've passed on my request regarding IKEv2 to the support and asked at the same time, when we can expect the feature update.

I'll get back to this topic and leave you guys an info as soon as I received a feedback.

Highlighted
Here to help

Re: Diffie-Hellman Groups 14+ support

As promised my feedback as I got it from the support:

 

At this current time, this is not an available feature and we only offer support for DH Groups 1, 2 & 5. I'm afraid I do not have any information as to if/when this will be changed.
You can make a feature request by going to the bottom right-hand corner of any dashboard window and sending the request through the "Make a wish" button.

 

I had already used the "Make a wish" form. 

I asked the support for an alternative and if the new MX series is likely to support IKEv2, otherwise we need to ship back our order because we have to comply with certain security standards towards our customers.

 

How did you guys solve this security 'issue'?

 

Regards,

Chr1z

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.