VPN IPSec Polices

Bovie2K
Getting noticed

VPN IPSec Polices

Anyone hear anything about IKEv2 or higher than Diffie-Hellman group 5 with IKEv1. I’m a heavy Meraki user but our main firewall is Cisco Firepower. Just upgraded to Firepower 6.5 and they say DH Group 5 is deprecated and will be removed from a future version. Only problem is I have VPN’s with other clients using Meraki MX’s that are stuck at group 5.

 

Dont’t want to point fingers but it seems crazy one side of the shop is that’s deprecated and no longer considered fully secure and the other side is like uhh that’s is high as we go.

 

i know there is the big IPv6 thread and I’m not looking to start that with VPN I’m just wondering when is DH group 14 or 21 coming and then IKEv2.

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

+1 for Group 14.

Nash
Kind of a big deal

+2 for higher DH groups now.

 

I'd also kill for a higher client VPN setting. Support can bump you to AES-128/DH14, but it is still not great!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels