"For those who do evaluating this sort of thing should be done prior to implementing the device" FYI these criteria were not failing criteria until May of this year. I used to be able to get my scans approved by disputing the Aggressive IKE point and telling them that my PSK was sufficiently complex and rotated regularly, which they consider a compensating control. But now, as @lpopejoy has shown in his screenshots, DH 1-4 are considered "unsafe" and are now considered a fail. This is not our fault, it's Meraki's. Just a bit of context.