ASA 5525x with embedded IPS

Scott Robertson
Level 1

Hi everyone,

We are going through an IA audit and the IA team would like me to change the SSL/SSH key strength from the default 1024 to 2048.

How can I accomplish this on the IPS module in an ASA 5525x firewall?

I see where I can regenerate a new key through IME but it does not have any configurable parameters to change/choose key sizes.

Perhaps there is a way in the CLI?

Thanks for the expertise!

Scott Robertson


Naveen Kumar
Level 4

Hello and thanks for the reply.

I have reviewed the setup guide in the link above, and the guide provides the CLI syntax to generate a new TLS server certificate; however, it does not provide any parameters to change the key size. So IPS will generate a new self-signed certificate but will only create a 1024 bit size key. Same problem I have in IME. This is a government client and their security policy mandates that any SSL certificate sizes be of 2048 bit strength or higher. At this point a feature request would probably be in order.

Thanks again for your reply.

Scott Robertson



blenka
Level 3

I did not get whether you are looking for embedded IPS or IP; if IP, for clear information please find the link below.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82446-enable-voip-config.html

I am referring to IPS SSP in the ASA 5525x firewall. It appears there is no way to change the certificate size from 1024 to 2048 or higher. My IA auditors are complaining about the weak key size of 1024. I was hoping it could be done from CLI on the IPS modules but the feature does not exist to change the strength of the keys to 2048, which is our minimum security standard.


I am using the "generate new self-signed certificate" feature in the IPS GUI.
