VMware Cloud Community
bedo1976
Contributor

vCloud Director - missing new site-to-site VPN parameters: SHA-256, SHA-384, DH group 24, aes256gcm

Hello

We are using vCloud Director to manage our cloud-based VMware system at a hosting provider and also to configure the site-to-site VPN from the hosting provider to our on-premises VPN gateway.

Currently, only site-to-site parameters such as SHA-1, DH group 2 and so on are supported by the GUI of vCloud Director. But we have a security policy to update these VPN parameters to newer, state-of-the-art ones: SHA-256, SHA-384, DH group 24, aes256gcm and so on.

Does anybody know when the available parameters in vCloud Director will be extended, or how I can get this information?

Is there a possibility of a feature request towards VMware so that the parameters are extended to get a more secure VPN connection? Because SHA-1 is not secure anymore.

Thanks

Best Regards

Bedo

Sreec
VMware Employee

I hope you are using NSX Manager in this setup? The limitation you are referring to is not a VCD limitation; those options should first be supported in the underlying NSX/vCNS Edges and get exposed to the VCD layer. So watch out for new NSX updates.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
bedo1976
Contributor

Hi

Thanks for your answer. Yes, we are using NSX. But even the latest version, NSX 6.3, supports only the older parameters, not the latest ones.

Phase 1:

  1. Main mode
  2. TripleDES / AES [configurable]
  3. SHA-1
  4. MODP group 2 (1024 bits)

In my opinion, these parameters, SHA-1 and group 2, haven't improved for about 1 year. Does anybody know of a way to send this feature request regarding the parameter update to development?

Sreec
VMware Employee
VMware Employee

Yes, you can certainly send an FR; kindly follow Making a VMware feature request (1002123) | VMware KB

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist