Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2114
Views
0
Helpful
1
Replies

ASA Support for Suite B

Joseph.Rehling
Level 1
Level 1

‎05-17-2012 06:25 AM - edited ‎02-21-2020 04:38 AM

We have an ASA 5520 that uses LDAP to authenticate VPN users with our Server 2008 R2 SP1 domain. We would like to convert to Secure LDAP so that the passwords are encrypted when they are checked against AD by the ASA. Our CA issues Suite B certificates that are based on SHA 384 and it appears that Version 8.2(1) does not support Suite B. I tried turning on secure LDAP in the ASA and it fails to connect. I see in the Windows event log that none of the encryption methods are supported. These are the methods I see that the ASA is supporting in the version we are running:

Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a

I see documentation in later versions of the ASA code that suggest support for Suite B for IPSEC connections. Does this mean that if I upgrade to a newer version of code, additional cipher suites will be available for Secure LDAP as well?

Has any one tried this and got it working?

0 Helpful
1 Reply 1

bhweaver2004
Level 1
Level 1

‎06-07-2012 11:46 AM

I have been working with Cisco on Suite B for sometime.  They are telling me that Version 9.0 will support true Suite B  (ECC with AES GCM and SHA2).  Also, if I remember correctly it is only supported on the new X series ASA too (5512,5515, etc.).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card