Alasdairb
asked on
Enforce encryption strength on Cisco ASA VPN
Hello
My client has an ASA 5505 firewall using the classic VPN client software. Cisco are dropping support for this client so we want to move to Anyconnect Essentials client software and we will upgrade the ASA to the latest versions of the OS (asa914-k8.bin) and ASDM (asdm-715-100.bin).
We would like to enforce a key length of 256 bits AES and 2048 RSA and the ASA should drop connection requests not meeting these standards. Is it possible to enforce this using the software mentioned?
My understanding of encryption is not the best.
Many thanks,
Alasdair Barclay
My client has an ASA 5505 firewall using the classic VPN client software. Cisco are dropping support for this client so we want to move to Anyconnect Essentials client software and we will upgrade the ASA to the latest versions of the OS (asa914-k8.bin) and ASDM (asdm-715-100.bin).
We would like to enforce a key length of 256 bits AES and 2048 RSA and the ASA should drop connection requests not meeting these standards. Is it possible to enforce this using the software mentioned?
My understanding of encryption is not the best.
Many thanks,
Alasdair Barclay
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Henk,
sorry I've been away so long, many projects to pay with. It's not sorted yet, at least the enforcement, but at least the Anyconnect is working.
I'll award the points as you were the only person to help, and you gave me good reading tips I didn't find myself.
Thanks.
Alasdair
sorry I've been away so long, many projects to pay with. It's not sorted yet, at least the enforcement, but at least the Anyconnect is working.
I'll award the points as you were the only person to help, and you gave me good reading tips I didn't find myself.
Thanks.
Alasdair
ASKER
thanks for the links, I did not come across these. I guess the line then would be
ciscoasa(config-webvpn)#ss
and leave out the other options. It will either negotiate the aes256-sha1 or it won't connect.
I hope to have a proper read of your lined document tomorrow and will report back.
Thanks.