Good morning, I have the mx64 model.
we want to make the site to site tunnel
When configuring to use site-to-site VPN, I realized that it does not meet the requirements for the connection. in phase 1 and 2,
For example, they ask me for the key exchange option (dh group) Group 20 but in mine it only reaches 14 and in phase two the same thing and it also asks for Authentication (hash) SHA-512 and it only reaches 256
Would it be necessary to change my model for another? And what other model does have the aforementioned?
This is not a limitation of the MX model it is general to all MX models. Therefore, there is no point in changing the MX.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#IPsec_Policies
In my case, they ask me for certain requirements for the connection, which my MX 64 model does not meet.
Yes, I have that manual.
I don't know if all MX models are the same.
Yes, it is the same for ALL other models.
In short, you need a firewall that is not Meraki.
Damn, Meraki had a friendly interface. any that you recommend?
I sent you a private message.
thanks my friend!
Ask them to drop back to group 14.