Cisco VPN Client won't use Diffie Hellman Group 5 only 2 with IKE AES-256

Unanswered Question
Feb 20th, 2008
User Badges:

Hi, I am using the Cisco Concentrator 3015 and the latest Cisco VPN client. I have got users connected using CiscoVPNClient-AES256-SHA instead of CiscoVPNClient-3DES-MD5 for the IKE proposal. (which I think is the phase 1).

Both use Diffie Hellman Group 2, but I want to use Diffie Hellman Group 5 with AES-256 which I am told is the right one.

The thing is if I set it to Diffie Hellman Group 5 (in CiscoVPNClient-AES256-SHA) then this is ignored and users connect using IKE CiscoVPNClient-3DES-MD5 instead.

Can the Cisco VPN client to handle DH Group 5?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion