Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
5
Helpful
2
Replies

Highest available Diffie-Hellman on Cisco RV3xx series

Go to solution
royvdberg
Level 1
Level 1

‎07-11-2019 01:53 AM

I searched for the highest available Diffie-Hellman on a Cisco RV3xx series router, but I found out that at first this router did not support IKEv2.

After a firmware update in November/December Cisco added IKEv2. But I cannot find the complete specifications for the highest available L2L VPN settings after this firmware update.

Does anybody have a Cisco RV3xx series router with the latest firmware and could he or she let me know the highest available settings for a L2L / Site-to-Site VPN tunnel configured with IKEv2.

I'd like to use Diffie-Hellman group 14 or higher as this is a requirement from an external party.

 

Kind regards,

Roy

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
AlKor
Spotlight
Spotlight

‎07-11-2019 02:01 AM - edited ‎07-11-2019 02:12 AM

GUI screenshot.

Only group 2 and 5 you can select. No other.

Its enough?

IPSec.PNG

View solution in original post

2 Replies 2

Go to solution
AlKor
Spotlight
Spotlight

‎07-11-2019 02:01 AM - edited ‎07-11-2019 02:12 AM

GUI screenshot.

Only group 2 and 5 you can select. No other.

Its enough?

IPSec.PNG

Go to solution
royvdberg
Level 1
Level 1
In response to AlKor

‎07-11-2019 02:14 AM

Hi AlKor,

Thank you for the reply. This is indeed what I wanted to know. Disappointed that the Diffie-Hellman group doens't go beyond group 5.

On this page Cisco themselves anounced their recommendation on the minimum cryptography settings:

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

[quote]
Appendix A: Minimum Cryptography Recommendations

The following table lists recommended cryptographic algorithms that satisfy minimum security requirements for technology as of October 2015.

Table 3. Recommended Minimum Security Algorithms

OperationRecommended Minimum Security Algorithms

Encryption

AES-128-CBC mode
AuthenticationRSA-3072, DSA-3072
IntegritySHA-256
Key exchangeDH Group 15 (3072-bit)

[/quote]

These recommendations have been in effect since October 2015. The Cisco RV345 has been released on 21 feb 2017.

Anyways, I've got my answer so the thread can be closed.

Kind regards,
Roy 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents