How to disable AES CBC encryption on ASA 5545

 

 

Hi,

In our environment we have an ASA 5545 (IOS Ver 9.1) firewall, and on it AES 256 CBC cipher encryption is enabled for SSH user access.

We need to disable CBC cipher encryption and enable CTR cipher encryption for SSH users.

Kindly help me with the same.

Thanks,

Dheeraj

 

 

1 REPLY

AES256-ctr was just added in ASA software version 9.1(2). I don't believe the SSH encryption type is configurable in the ASA SSH server. You need to specify it in the client - I did verify it will connect when you do that (see output below).

SSL encryption ciphers can be specified to exclude the weak ciphersuites.

# sh ssh session det

SSH Session ID          : 1
 Client IP              : <deleted>
 Username               : <deleted>
 SSH Version            : 2.0
 State                  : SessionStarted
 Inbound Statistics
  Encryption            : aes256-ctr
  HMAC                  : sha1
  Bytes Received        : 1824
 Outbound Statistics
  Encryption            : aes256-ctr
  HMAC                  : sha1
  Bytes Transmitted     : 5632
 Rekey Information
  Time Remaining (sec)  : 3277
  Data Remaining (bytes): 996142580
  Last Rekey            : 07:12:38.807 UTC Tue May 20 2014
  Data-Based Rekeys     : 0
  Time-Based Rekeys     : 0

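An added example, not part of the original thread: because the reply says the cipher is chosen by the client, this script parses session-detail output in the layout shown above and lists every session where either direction negotiated a CBC cipher. The sample text, addresses, usernames and function names are constructed for the example.

```python
import re

# Constructed sample in the layout of the session output above. Addresses and
# usernames are placeholders; session 2 is invented to show a CBC hit.
SAMPLE = """\
SSH Session ID          : 1
 Client IP              : 192.0.2.10
 Username               : admin1
 Inbound Statistics
  Encryption            : aes256-ctr
 Outbound Statistics
  Encryption            : aes256-ctr
 Rekey Information
  Last Rekey            : 07:12:38.807 UTC Tue May 20 2014
SSH Session ID          : 2
 Client IP              : 192.0.2.20
 Username               : admin2
 Inbound Statistics
  Encryption            : aes256-cbc
 Outbound Statistics
  Encryption            : aes256-ctr
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_sessions(text):
    """Return one dict per session; colon-less lines are treated as section headers."""
    sessions, section = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            section = line.split()[0].lower() if line.strip() else section
            continue
        key, value = m.groups()
        if key == "SSH Session ID":
            sessions.append({"id": value, "ciphers": {}})
            section = None
        elif sessions and key == "Encryption" and section in ("inbound", "outbound"):
            sessions[-1]["ciphers"][section] = value
        elif sessions and key in ("Client IP", "Username"):
            sessions[-1][key] = value
    return sessions

def cbc_sessions(text):
    """List (session id, client, user, direction, cipher) for every CBC direction."""
    return [(s["id"], s.get("Client IP"), s.get("Username"), d, c)
            for s in parse_sessions(text)
            for d, c in sorted(s["ciphers"].items())
            if c.lower().endswith("-cbc")]
```

Calling `cbc_sessions()` on captured output gives the clients whose SSH configuration still needs to be changed to request a CTR cipher.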