Cisco Support Community
New Member

How to enable AES-CTR encryption for ASA 5520

Dear Team,

When we look at show ssh sessions on our ASA, it shows the following output:

K-ASA# show ssh sessions
SID Client IP       Version Mode Encryption    Hmac     State            Username
0   x.x.x.x         2.0     IN   aes256-cbc    sha1     SessionStarted   *******
                            OUT  aes256-cbc    sha1     SessionStarted   *******

We can observe that for encryption it is using aes256-cbc. Now we want to disable the CBC encryption and enable the CTR encryption for SSH.

For the same we have upgraded the ASA OS to 9.1.2. Kindly confirm how we can enable the same.

Rgds,

Tushar

3 REPLIES
Cisco Employee


Tushar,

It's enabled on the server.

Mind that you need the client to want to use it :-)

From linux I tested this

ssh -c aes128-ctr bsns-asa5585-60-2 -l cisco

which resulted in

BSNS-ASA5585-60-2# show ssh sessions detail
SSH Session ID          : 1
Client IP              : 10.48.93.4
Username               : cisco
SSH Version            : 2.0
State                  : KeysExchanged
Inbound Statistics
  Encryption            : aes128-ctr
  HMAC                  : md5
  Bytes Received        : 272
Outbound Statistics
  Encryption            : aes128-ctr
  HMAC                  : md5
  Bytes Transmitted     : 176
Rekey Information
  Time Remaining (sec)  : 3284
  Data Remaining (bytes): 996147024
  Last Rekey            : 09:00:43.255 UTC Tue Jan 21 2014
  Data-Based Rekeys     : 0
  Time-Based Rekeys     : 0
BSNS-ASA5585-60-2#

No special settings on ASA.

M.

New Member


Thanks a lot. Can you please confirm how we can test the same through PuTTY? Or is there any other client through which we can test this (through a Windows machine)?

How can we test this (through which machine have you tested)? Also, is there any way by which we can disable CBC encryption on the ASA 5520?

Awaiting your reverts.

Rgds,

Tushar

New Member


I just want to know if we can disable CBC on the ASA. I have got an SSH client which supports AES-CTR encryption.

We have one other ASA observation after the VA test, i.e. SSH Weak MAC Algorithms Enabled.

Could you please help me in getting this closed?

Rgds,

Tushar
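
An added example, not part of the thread or any poster's code: a short Python audit that parses `show ssh sessions detail` output in the layout quoted in the reply above and flags sessions that negotiated a CBC cipher or a weak MAC, the two points raised in the posts. The sample text is constructed, and treating MD5-based and 96-bit truncated MACs as weak is an assumption about what the VA scanner reports.

```python
# Constructed sample in the layout of the "show ssh sessions detail" output
# quoted in the thread; session 2 and its values are made up for this example.
SAMPLE = """\
SSH Session ID          : 1
Client IP              : 10.48.93.4
Inbound Statistics
  Encryption            : aes128-ctr
  HMAC                  : md5
Outbound Statistics
  Encryption            : aes128-ctr
  HMAC                  : md5
SSH Session ID          : 2
Client IP              : 192.0.2.10
Inbound Statistics
  Encryption            : aes256-cbc
  HMAC                  : sha1
Outbound Statistics
  Encryption            : aes256-cbc
  HMAC                  : sha1
"""

def weak_mac(name):
    # Assumption: MD5-based and 96-bit truncated MACs count as weak.
    n = name.lower()
    return "md5" in n or n.endswith("-96")

def audit(text):
    """Return sorted (session_id, client_ip, direction, issue) findings."""
    findings, sid, ip, direction = set(), None, None, None
    for line in text.splitlines():
        key, sep, val = (part.strip() for part in line.partition(":"))
        if key in ("Inbound Statistics", "Outbound Statistics"):
            direction = key.split()[0]      # section header, no colon
        elif not sep:
            continue                        # prompt, blank or unknown line
        elif key == "SSH Session ID":
            sid, ip, direction = val, None, None   # new session block
        elif key == "Client IP":
            ip = val
        elif direction and key == "Encryption" and val.lower().endswith("-cbc"):
            findings.add((sid, ip, direction, "CBC cipher " + val))
        elif direction and key == "HMAC" and weak_mac(val):
            findings.add((sid, ip, direction, "weak MAC " + val))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Running it over saved output from each firewall shows which clients still negotiate CBC or MD5, which is worth knowing before tightening what the server offers.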
