AlertLogic PCI scan : ISAKMP Allows Weak IPsec Encryption Settings

Dear Expert,

AlertLogic is reporting "ISAKMP Allows Weak IPsec Encryption Settings" vulnerability on our ASA public IP. How can fix it?.
We are using IPSec proposal ESP-3DES-SHA in VPN key exchange

Thks in advance

JJC
celmajjAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Go for stronger crypto by modifying the ISAKMP settings to only allow secure encryption algorithms to be negotiated. Avoid weak algo for encryption like DES and outgoing hash like SHA. Minimally, disable the encryption algorithm "DES" (key length of 56 bits) and the key exchange algorithm DH768 (MODP768). see ISAKMP config http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/configuration/guide/config/ike.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.