01-21-2004 02:25 PM - edited 02-21-2020 01:00 PM
Pix user guide 6.3 said that aes need DH group 5. The Cisco VPN client documentation for vpn client 4.03 has example showing DH with group 2.
I tried both and it only seem to work with group 2.
Has anyone get any success with group 5.
Thanks
Eppie
01-21-2004 03:10 PM
If you're using pre-shared keys (which is a standard group name and password in VPN3000 land), then the VPN client will use AES with DH Group 2. If you're using certificate's then it will use DH Group 5 with AES.
The admin guide here (http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/admin_gd/vcach6.htm#1157757) details all the IKE policies that the VPN client has, you can see with pre-shared keys AES is only negotiated with DH2.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community