Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts with replies and give us your feedback.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9908
Views
7
Helpful
6
Replies

Diffie-Hellman Groups 14+ support

Chriz_J
Community Member

‎04-25-2019 11:38 AM

Hi folks,

I'm new to the community and looking forward to exchange with you.

In case of the currently supported DH groups by the MX devices, I would like to ask if it's known when safer groups will be supported?

I'm especially interested at when 19, 20 & 21 will be available for VPN configuration via MX?

Thank u guys,

Chriz

Labels:
6 Replies 6

Philip D'Ath
Meraki Community All-Star
Meraki Community All-Star

‎04-25-2019 04:39 PM

I would like Suite-B support in general, even though it is already on the way out thanks to the awesome power of Quantum computing for breaking the current crypto algorithyms. We'll have to see what replaces it.

IKEv2 support is now available on the 15.x beta code train upon special request from support for non-Meraki VPNs. Although not directly related, this tells us the VPN sub-system has had a big upgrade under the hood. If you were upgrading the VPN subsystem it seems reasonable that a crypto refresh would be done at the same time.

Chriz_J
Community Member
In response to Philip D'Ath

‎04-26-2019 12:23 AM

Thanks for your reply Philip,

I've passed on my request regarding IKEv2 to the support and asked at the same time, when we can expect the feature update.

I'll get back to this topic and leave you guys an info as soon as I received a feedback.

Chriz_J
Community Member
In response to Chriz_J

‎04-30-2019 04:31 AM

As promised my feedback as I got it from the support:

At this current time, this is not an available feature and we only offer support for DH Groups 1, 2 & 5. I'm afraid I do not have any information as to if/when this will be changed.
You can make a feature request by going to the bottom right-hand corner of any dashboard window and sending the request through the "Make a wish" button.

I had already used the "Make a wish" form.

I asked the support for an alternative and if the new MX series is likely to support IKEv2, otherwise we need to ship back our order because we have to comply with certain security standards towards our customers.

How did you guys solve this security 'issue'?

Regards,

Chr1z

0 Helpful

Robin777
Community Member

‎05-06-2024 06:56 AM

Hello all,

I have implemented now Meraki in one of our branch offices. And I noticed this now....

Now we have a lot of trouble with german customers which are not willing to do network peering without higher DH groups.

@ Meraki Please understand that higher DH groups are necessary for enterprise products....

Best regards

Robin

0 Helpful

jorgeatmeraki
Cisco Employee
Cisco Employee
In response to Robin777

‎04-05-2025 01:51 PM

Hello Robin777,

Recently, the beta version of MX 19.2.1, which was released on March 31, 2025, added support for advanced Diffie-Hellman groups, DH15 and DH21, in IPSec and AutoVPN solutions. Note this is a beta version, and I highly recommend reading the available release notes under Organization > Firmware Upgrades for all of the new firmware release details.

jorgeatmeraki
Cisco Employee
Cisco Employee

‎04-05-2025 01:50 PM

Hey Chriz_J,

Recently, the beta version of MX 19.2.1, which was released on March 31, 2025, added support for advanced Diffie-Hellman groups, DH15 and DH21, in IPSec and AutoVPN solutions. Note this is a beta version, and I highly recommend reading the available release notes under Organization > Firmware Upgrades for all of the new firmware release details.

0 Helpful
Customers Also Viewed These Support Documents