Meraki

Community

Diffie Helman 20 in MX.

Delphino
New here
2 weeks ago
2 weeks ago

Diffie Helman 20 in MX.

We are configuring a VPN with a non Meraki Peer. Te other side works with DH20. MX doesn't support this. A suggestion of another product?

Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
2 weeks ago
2 weeks ago

As you noticed, MX does not support DH20, so your options are to change the DH on the other side or replace the MX with another firewall, such as a Palo Alto for example.

Another option I see would be to set up a Linux VM on the side with the MX and configure the VPN tunnel on that Linux machine and route through it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

A virtual Cisco ASA.  The most common one I used is the ASAv10.  Run it behind or beside your MX.

https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/...

 

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Either have the other side change their DH parameter to DH14 or have a separate router device do the VPN and just route to it from the MX.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.