Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki VPN encryption

Solved
PatWruk
Getting noticed
2 weeks ago
2 weeks ago

Meraki VPN encryption

I was doing some random reading today and found a page that says the AutoVPN tunnels use AES-128 for encryption. Is that true? I tried searching it some more and nothing says what encryption level it uses.

The page I was reading is here under FAQ:

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Has anyone seen anything else or know if this is true or not?

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to PatWruk
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

The VPN tunnel is established. The Cisco Meraki cloud already knows VLAN and subnet
information for each MX, and now, the IP addresses to use for tunnel creation. The dashboard
and MXs establish two 16-character pre-shared keys (one per direction) and create a 128-
bit AES-CBC tunnel. Meraki Auto VPN leverages elements of modern IPSec (IKEv2, DiffeHellman and SHA256) to ensure tunnel confidentiality and integrity. Local subnets specified
in the dashboard by admins are exported across the VPN

 

meraki_whitepaper_autovpn.pdf (cisco.com)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Auto VPN vs Non-Meraki Site-to-Site VPN

  • Auto VPN is a VPN connection between/among the WAN Appliances in different networks of the same Meraki dashboard organization
  • Non-Meraki site-to-site VPN is used when you form a VPN tunnel with a third-party/non-Meraki device or when you establish a VPN connection with a Meraki WAN Appliance in a different dashboard organization
  • Like Non-Meraki Site-to-Site VPN, Auto VPN has encryption, authentication and a key. The traffic is encrypted using an AES cipher. However, all of this is transparent to users and does not need to be (and cannot be) modified.

    Meraki Auto VPN - Configuration and Troubleshooting - Cisco Meraki Documentation
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
PatWruk
Getting noticed
2 weeks ago
2 weeks ago

That's what I was seeing as well. My concern is the link I shared says it's AES-128, and since we have to adhere to PCI requirements, it has to be a minimum AES-256.

0 Kudos
Subscribe
In response to PatWruk
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

The VPN tunnel is established. The Cisco Meraki cloud already knows VLAN and subnet
information for each MX, and now, the IP addresses to use for tunnel creation. The dashboard
and MXs establish two 16-character pre-shared keys (one per direction) and create a 128-
bit AES-CBC tunnel. Meraki Auto VPN leverages elements of modern IPSec (IKEv2, DiffeHellman and SHA256) to ensure tunnel confidentiality and integrity. Local subnets specified
in the dashboard by admins are exported across the VPN

 

meraki_whitepaper_autovpn.pdf (cisco.com)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
PatWruk
Getting noticed
2 weeks ago
2 weeks ago

That doc was what I needed. Thank you

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.