...applied from the command line. The ciphers listed in that command are all "strong" and should result in the scan being successful. This should not impact any clients running anything like a modern browser.
You can find the equivalent commands in ASDM under “Configuration, Remote Access VPN, Advanced, SSL Settings”. Just make the menu picks so that only the above-listed algorithms are in the “Active Algorithms” list.
I think Marvin is correct in his explaination, the change in accepted Cipher suites should fix the problem. I think you have to contact the PCI scan company about a False-Positive, the Bug mentioned by them works by switching to lower cipher suite in the middle of the connection but since you are not supporting any medium or lower security ciphers it should affect you.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...