Solved

ASA 5505

Posted on 2011-02-13
6
299 Views
Last Modified: 2012-06-21
Is there a waay to disable AES on a Cisco 5505 and just use the 3DES?
0
Comment
Question by:jbell72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34882415
HI,

yep, please show your config, and we tell you the required commands!
0
 

Author Comment

by:jbell72
ID: 34882576
:) I dont have a config yet, just was wondering if it could be done before we order the ASA's. We are not authorized to use AES so I just wanted to make sure.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34882713
ok..


Don't forget there is 3 type 5505:

ASA-5505-10-BUNK9
ASA-5505-50-BUNK9
ASA-5505-UL-BUNK9

10, 50, UL means how many IP address able to communicate behind the ASA to internet!

Best regards,
Istvan
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 1

Expert Comment

by:lomaree
ID: 34882885
Hi

Based on your ASA you can choose to use any encryption i.e. AES, DES and 3DES in your configuration for VPN site-2-site tunnels or VPN Dial-In.

HTH
0
 
LVL 18

Accepted Solution

by:
decoleur earned 500 total points
ID: 34947873
you can enable or disable the features that you want to use, to change from using AES to 3DES look at the example here: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

change the following lines:
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
to
crypto ipsec transform-set trmset1 esp-3des esp-sha-hmac

and
isakmp policy 10 encryption aes-256
to
isakmp policy 10 encryption 3des

if you do not have aes configured it will never accept an aes connection...

hope this helps,

-t
0
 

Author Comment

by:jbell72
ID: 35121600
THAnk you everyone, will try this this week.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question