Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Server 2012 R2 VPN Encryption

Status
Not open for further replies.

FreeSoldier

Technical User
Dec 10, 2013
58
US
Hi,

Our 2012 R2 Windows Server is setup to accept VPN connection via the "Routing and Remote Access" Tool.
We currently only accept L2TP and IKEv2 VPN Connections with a Preshared Key Setting.
Since our business accepted credit cards, we are required to run a PCI scan via trustwave.com.

The PCI scans are failing due to:
Weak Encryption Ciphers identified on VPN Device on port 500 UDP Protocol
Weak Diffie-Hellman groups identified on VPN Device on port 500 UDP Protocol

The remediation recommended are:
Removing support for DES/3DES encryption ciphers on this VPN device.
Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints.

How can I apply the above remediation to our Server? I have been looking all over the web without much success.


Thanks in Advance for all your help.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top