ciscosupp
asked on
Microsoft Windows 7/10 build in VPN client
Does Microsoft Windows 7/10 build in VPN client (L2TP over IPsec) support DES encryption and MD5 authentication?
ASKER
My question was
Does Microsoft Windows 7/10 build in VPN client (L2TP over IPsec) support DES encryption and MD5 authentication?
Does Microsoft Windows 7/10 build in VPN client (L2TP over IPsec) support DES encryption and MD5 authentication?
If you look here for Windows 10, it uses a certificate for the security settings and from what I can see that does not include DES.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)
You need a client that can be set up in detail such as NCP.
Forget Windows 7 for a built in IPsec client. We use NCP for Windows 7 as well.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)
You need a client that can be set up in detail such as NCP.
Forget Windows 7 for a built in IPsec client. We use NCP for Windows 7 as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I hope you are aware that there is a very good reason not to support DES or MD5 - they implement a very weak "security" (if you can call it such at all), so you might as well use no encryption/authentication.
But of course there are still devices out there not allowing to use something reasonable ...
But of course there are still devices out there not allowing to use something reasonable ...
no longer support the weak cipher (DES) and hash (MD5).
the default is 3 DES and SHA1
Default Encryption Settings for the Microsoft L2TP/IPSec Virtual Private Network Client-
https://support.microsoft.com/en-us/help/325158/default-encryption-settings-for-the-microsoft-l2tp-ipsec-virtual-priva
The following crypto algorithms are no longer supported on Windows Vista or later versions:http://sourcedaddy.com/windows-7/weak-cryptography-removal-from-pp-tpl2tp.html
40- and 56-bit RC4 encryption, formerly used by the Microsoft Point-to-Point Encryption (MPPE) Protocol for PPTP-based VPN connections
DES encryption, formerly used by IPsec policy within L2TP/IPsec-based VPN connections
MD5 integrity checking, formerly used by IPsec policy within L2TP/IPsec-based VPN connections
the default is 3 DES and SHA1
The removal of support for DES encryption and MD5 integrity checking for L2TP/IPsecbased VPN connections means that L2TP/IPsec-based VPN connections now support the following data encryption and data integrity algorithms by default:
128-bit AES, 256-bit AES, and 3DES for data encryption using IPsec
Secure Hash Algorithm (SHA1) for data integrity using IPsec
Default Encryption Settings for the Microsoft L2TP/IPSec Virtual Private Network Client-
https://support.microsoft.com/en-us/help/325158/default-encryption-settings-for-the-microsoft-l2tp-ipsec-virtual-priva
ASKER
People in the form did not answer my question
https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-connection-type
We use NCP Secure Entry on Windows 10 (www.ncp-e.com) as it is a convenient and robust client.