Question
Wednesday, July 12, 2017 4:18 PM
Is it possible to change the default encryption in Windows 10 for the L2TP client? I am specifically referring to this article - https://support.microsoft.com/en-us/help/325158/default-encryption-settings-for-the-microsoft-l2tp-ipsec-virtual-priva.
By default this is set to 3DES/SHA1 for IKE, whereas for L2TP/IPSEC I am able to connect with AES256/SHA1. For compliance purposes there is a need to retire support for 3DES.
All replies (3)
Thursday, July 13, 2017 6:10 AM
Hi,
That's not possible. They are hard-coded in the client and you cannot change them.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, July 13, 2017 1:56 PM
Thank you for the reply.
One last question: I know 3DES is the default, and I cannot change the default. However, does the built-in L2TP client 'support' other encryption levels for IKE? If I removed 3DES/SHA1 as an available option on the ASA's side then obviously the client could not connect. But is there any other support for higher levels such as AES, AES192 or AES256?
Friday, July 14, 2017 8:47 AM
Yes, the L2TP message is encrypted with one of the following protocols by using encryption keys generated from the IKE negotiation process: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms.
Here is an article for you:
VPN Tunneling Protocols
https://technet.microsoft.com/en-us/library/dd469817(v=ws.10).aspx