Highest available Diffie-Hellman on Cisco RV3xx series

royvdberg
Beginner

I searched for the highest available Diffie-Hellman on a Cisco RV3xx series router, but I found out that at first this router did not support IKEv2.

After a firmware update in November/December Cisco added IKEv2. But I cannot find the complete specifications for the highest available L2L VPN settings after this firmware update.

Does anybody have a Cisco RV3xx series router with the latest firmware, and could he or she let me know the highest available settings for an L2L / Site-to-Site VPN tunnel configured with IKEv2?

I'd like to use Diffie-Hellman group 14 or higher as this is a requirement from an external party.

Kind regards,

Roy

Accepted Solutions

AlKor
Participant

GUI screenshot.

Only group 2 and 5 you can select. No other.

It's enough?

IPSec.PNG

Hi AlKor,

Thank you for the reply. This is indeed what I wanted to know. Disappointed that the Diffie-Hellman group doesn't go beyond group 5.

On this page Cisco themselves announced their recommendation on the minimum cryptography settings:

https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

[quote]
Appendix A: Minimum Cryptography Recommendations

The following table lists recommended cryptographic algorithms that satisfy minimum security requirements for technology as of October 2015.

Table 3. Recommended Minimum Security Algorithms

| Operation | Recommended Minimum Security Algorithms |
|---|---|
| Encryption | AES-128-CBC mode |
| Authentication | RSA-3072, DSA-3072 |
| Integrity | SHA-256 |
| Key exchange | DH Group 15 (3072-bit) |

[/quote]

These recommendations have been in effect since October 2015. The Cisco RV345 was released on 21 Feb 2017.

Anyways, I've got my answer so the thread can be closed.

Kind regards,
Roy 
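
Added example, not part of the thread or of Cisco's documentation: a small Python audit that compares an IKE proposal with the minimums in the quoted Appendix A table and with the group 14 requirement from the question. The MODP modulus sizes are taken from RFC 2409 and RFC 3526; the function names and the encryption/integrity values in the sample proposals are assumptions made for illustration.

```python
# Added example (not from the thread): audit IKE proposals against a minimum policy.
# MODP sizes: groups 1-2 per RFC 2409, groups 5 and 14-18 per RFC 3526.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096, 17: 6144, 18: 8192}
# Ordered weakest to strongest; position in the list is the rank.
ENCRYPTION = ["DES", "3DES", "AES-128", "AES-192", "AES-256"]
INTEGRITY = ["MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"]

# Minimums from the Appendix A table quoted above (cipher mode is not modelled).
MINIMUM = {"encryption": "AES-128", "integrity": "SHA-256", "dh_group": 15}


def _below(value, minimum, order):
    """True when value is unknown or ranks below minimum in order."""
    return value not in order or order.index(value) < order.index(minimum)


def audit(proposal, minimum=MINIMUM):
    """Return a list of findings; an empty list means the proposal meets the minimum."""
    findings = []
    for field, order in (("encryption", ENCRYPTION), ("integrity", INTEGRITY)):
        if _below(proposal.get(field), minimum[field], order):
            findings.append(f"{field} {proposal.get(field)} is below {minimum[field]}")
    group, need = proposal.get("dh_group"), minimum["dh_group"]
    bits = MODP_BITS.get(group)
    if bits is None:
        findings.append(f"dh_group {group} is not a known MODP group")
    elif bits < MODP_BITS[need]:
        findings.append(
            f"dh_group {group} ({bits}-bit) is below group {need} ({MODP_BITS[need]}-bit)"
        )
    return findings


def usable_groups(offered, min_group):
    """Offered MODP groups whose modulus is at least as large as min_group's."""
    return sorted(g for g in offered if MODP_BITS.get(g, 0) >= MODP_BITS[min_group])


if __name__ == "__main__":
    offered = [2, 5]  # the two groups the screenshot reply reports as selectable
    for g in offered:
        # Constructed proposal: encryption/integrity values are assumed, not from the thread.
        p = {"encryption": "AES-128", "integrity": "SHA-256", "dh_group": g}
        print(g, audit(p))
    print("meets group 14 requirement:", usable_groups(offered, 14))
    print("meets group 15 recommendation:", usable_groups(offered, 15))
```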
