I lab'd a task last night where the requirement was the "strongest possible" DH, in the solution 5 was used.
From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: 20 January 2010 13:43 To: Bartlett Graham A Cc: Simon Baumann; [email protected] Subject: Re: [OSL | CCIE_Security] Question about DH group. In the examination, which group do we need to use for EzVPN server? Cisco recommends to use Group 2 for EzVPN server With regards Kings On Wed, Jan 20, 2010 at 5:01 PM, Bartlett Graham A <[email protected]> wrote: Simon Hopefully this will clear it up for you mate http://www.ietf.org/rfc/rfc3526.txt -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann Sent: 20 January 2010 11:21 To: [email protected] Subject: [OSL | CCIE_Security] Question about DH group. Hi, I noticed that IOS offers options 1,2,5 and (new to me) 14,15 and 16 for the DH group. Are the last groups new? Could I use it like the other groups or are there limitations (except for the other side not supporting it)? TIA. Cheers Simon _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> "This e-mail is intended for the recipient only. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or rely upon this e-mail. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail." "Recipients should note that all e-mail traffic on MOD systems is subject to monitoring and auditing." _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
