Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASDM Encryption - Windows XP

Hi guys,

We currently are starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one out of the two out of RC4-SHA1 or 3DES-SHA1.

I have had a look around but cant find real definitive answers. Could you guys give me some tips of advantages and disadvantages of the two or let me know if i should just steer well clear of allowing these encryption methods to be used on our firewall.

Thanks for all your help,

MJ

1 ACCEPTED SOLUTION

Accepted Solutions

ASDM Encryption - Windows XP

RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.  E.g.

https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.

-- Jim Leinweber, WI State Lab of Hygiene

2 REPLIES

ASDM Encryption - Windows XP

RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5.  E.g.

https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.

-- Jim Leinweber, WI State Lab of Hygiene

New Member

ASDM Encryption - Windows XP

Thanks James for the info, we are going to stick with 3DES-SHA1 for the next few months until XP support is dropped in June 2014.

Much appreciated,

MJ

153
Views
0
Helpful
2
Replies
CreatePlease login to create content