SSL VPN users only connect on Protocol Encryption RC4 - why?

Unanswered Question
Jul 28th, 2008

Hi,


My Clientless SSL VPN users only connect to my ASA on RC4 protocol encryption, is this ok? I want them to connect on AES 256 but they can't.


Actually 3DES-168 seems to work as well.


Thanks

a.alekseev Mon, 07/28/2008 - 05:17

By default, rc4-sha1 takes precedence.


You can modify this behaviour with the command

"ssl encryption aes128-sha1 rc4-sha1 aes256-sha1 3des-sha1"


or use ASDM.

See the attachment.





jamesgonzo Fri, 08/01/2008 - 04:50

Hi,


I tried that but I only ever connect at RC4-Sha1, even when I put it at the end.


Why is this please?

Farrukh Haroon Fri, 08/01/2008 - 06:23

It would depend on your browser, wouldn't it?


Which one are you using?


Also, what do you have checked under Tools >> Internet Options >> Advanced (SSL 2.0 / SSL 3.0)?


Regards


Farrukh

jamesgonzo Fri, 08/01/2008 - 06:42

I'm using IE7; under those options I have SSL 3.0 and TLS 1.0 selected.


In the ASDM I have Server SSL version set to any and Client SSL version set to any.
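
The thread turns on how a TLS server and a browser settle on one cipher suite. The following is an added example, not part of any post above and not ASA code: a small model of the two selection policies a server can apply (its own order, or the client's order), run against the list from the reply and three constructed lists. The client offer is constructed and assumes a browser that offers no AES suites; the thread does not establish what IE7 offered or which policy the ASA applies.

```python
# Added illustration: a model of TLS cipher-suite selection, not ASA code.
# Suite names are the ASA keywords quoted in the thread.
SERVER_LISTS = {
    "suggested": ["aes128-sha1", "rc4-sha1", "aes256-sha1", "3des-sha1"],  # from the reply
    "rc4_last": ["aes256-sha1", "aes128-sha1", "3des-sha1", "rc4-sha1"],   # constructed
    "no_rc4": ["aes256-sha1", "aes128-sha1", "3des-sha1"],                 # constructed
    "aes256_only": ["aes256-sha1"],                                        # constructed
}

# Constructed client offer, in the client's own preference order.
# Assumption: the browser offers no AES suites; the thread does not confirm this.
CLIENT_NO_AES = ["rc4-sha1", "3des-sha1"]


def negotiate(server_list, client_offer, policy):
    """Return the suite both sides support, or None if the handshake would fail.

    policy="server": the first match in the server's order wins.
    policy="client": the first match in the client's order wins.
    """
    if policy == "server":
        ordered, allowed = server_list, set(client_offer)
    elif policy == "client":
        ordered, allowed = client_offer, set(server_list)
    else:
        raise ValueError("policy must be 'server' or 'client'")
    return next((suite for suite in ordered if suite in allowed), None)


def survey(client_offer):
    """Map (server list name, policy) -> negotiated suite for every combination."""
    return {
        (name, policy): negotiate(server_list, client_offer, policy)
        for name, server_list in SERVER_LISTS.items()
        for policy in ("server", "client")
    }


if __name__ == "__main__":
    for (name, policy), suite in survey(CLIENT_NO_AES).items():
        print(f"{name:12} {policy:7} -> {suite or 'handshake fails'}")
```

In this model, only the server lists that omit rc4-sha1 keep the no-AES client off RC4 under both policies, and a list containing only AES leaves that client with no common suite.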
