How would you guys handle this with Meraki? Here's the email from control scan:

The External scan detected ISAKMP with aggressive mode pre-shared secret authentication. The vulnerability is that the hash (pre shared key) is not encrypted! Suggestions for remediation are as follows.

Solutions:
- Isolate the credit card subnet from the VPN subnet failing the scan. (Please send a network diagram.)
- Disable Aggressive Mode and use Main Mode.
- Do not use Pre-Shared key for authentication if it's possible, use strong certificates.
- If possible, do not allow VPN connections from all IP addresses, restrict to an ACL (Access Control List).
- If using Pre-Shared key cannot be avoided, use very strong keys along with multifactor authentication in accordance with PCI DSS 8.3.2

Please send a screenshot of your login or your configuration page to your multifactor authentication tool/application to access the VPN, i.e. (DUO, Symantec, Azure Authentication mgr, etc.). PCI DSS 8.3.2

Please note that all Remote Access to the credit card subnet requires Multifactor Authentication per PCI DSS 8.3.2
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf 8.3.2
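To confirm from a packet capture what the scanner reported, the ISAKMP header can be inspected directly. This is an added example, not part of the original post or of any Meraki or ControlScan tooling; the function names and the sample datagrams are constructed for illustration, and the field values follow the IKEv1 header layout in RFC 2408.

```python
import struct

# IKEv1 (ISAKMP) exchange and payload type numbers, RFC 2408 / RFC 2409
EXCHANGE_NAMES = {2: "main (identity protection)", 4: "aggressive", 5: "informational", 32: "quick"}
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
FLAG_ENCRYPTED = 0x01
HEADER = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, msg id, length

def inspect_isakmp(datagram: bytes) -> dict:
    """Classify one IKEv1 datagram (UDP/500 payload) and list its cleartext payloads."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _, _, next_payload, version, exchange, flags, _, length = HEADER.unpack_from(datagram)
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    encrypted = bool(flags & FLAG_ENCRYPTED)
    payloads, offset, end = [], HEADER.size, min(length, len(datagram))
    # The payload chain is only readable when the encryption flag is clear.
    while not encrypted and next_payload != 0:
        if offset + 4 > end:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", datagram, offset)
        if plen < 4 or offset + plen > end:
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD_NAMES.get(next_payload, str(next_payload)))
        next_payload, offset = following, offset + plen
    return {
        "exchange": EXCHANGE_NAMES.get(exchange, str(exchange)),
        "encrypted": encrypted,
        "payloads": payloads,
        # The reported condition: aggressive mode with the PSK-derived HASH sent in the clear.
        "finding": exchange == 4 and not encrypted and "HASH" in payloads,
    }

def build_sample(exchange: int, flags: int, chain: list) -> bytes:
    """Constructed test datagram with zero-filled payload bodies, not a real capture."""
    body = b""
    for i, (ptype, size) in enumerate(chain):
        nxt = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + size) + bytes(size)
    first = chain[0][0] if chain else 0
    return HEADER.pack(b"I" * 8, b"R" * 8, first, 0x10, exchange, flags, 0, HEADER.size + len(body)) + body

# Constructed samples: an aggressive-mode responder reply and an encrypted main-mode message.
AGGRESSIVE_REPLY = build_sample(4, 0, [(1, 48), (4, 128), (10, 16), (5, 8), (8, 20)])
MAIN_MODE_MSG5 = build_sample(2, FLAG_ENCRYPTED, [(5, 8), (8, 20)])
```

After Aggressive Mode is disabled, responder packets captured during a rescan should no longer show exchange type 4; on UDP/4500 the 4-byte non-ESP marker has to be stripped before the header is parsed.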