07-11-2019 01:53 AM
I searched for the highest available Diffie-Hellman on a Cisco RV3xx series router, but I found out that at first this router did not support IKEv2.
After a firmware update in November/December Cisco added IKEv2. But I cannot find the complete specifications for the highest available L2L VPN settings after this firmware update.
Does anybody have a Cisco RV3xx series router with the latest firmware and could he or she let me know the highest available settings for an L2L / Site-to-Site VPN tunnel configured with IKEv2?
I'd like to use Diffie-Hellman group 14 or higher as this is a requirement from an external party.
Kind regards,
Roy
07-11-2019 02:01 AM - edited 07-11-2019 02:12 AM
GUI screenshot.
Only group 2 and 5 you can select. No other.
Is it enough?
07-11-2019 02:14 AM
Hi AlKor,
Thank you for the reply. This is indeed what I wanted to know. Disappointed that the Diffie-Hellman group doesn't go beyond group 5.
On this page Cisco themselves announced their recommendation on the minimum cryptography settings:
https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
[quote]
Appendix A: Minimum Cryptography Recommendations
The following table lists recommended cryptographic algorithms that satisfy minimum security requirements for technology as of October 2015.
Table 3. Recommended Minimum Security Algorithms
Operation | Recommended Minimum Security Algorithms |
Encryption | AES-128-CBC mode |
Authentication | RSA-3072, DSA-3072 |
Integrity | SHA-256 |
Key exchange | DH Group 15 (3072-bit) |
[/quote]
These recommendations have been in effect since October 2015. The Cisco RV345 was released on 21 Feb 2017.
Anyways, I've got my answer so the thread can be closed.
Kind regards,
Roy