We have an ASA 5520 that uses LDAP to authenticate VPN users with our Server 2008 R2 SP1 domain. We would like to convert to Secure LDAP so that the passwords are encrypted when they are checked against AD by the ASA. Our CA issues Suite B certificates that are based on SHA 384 and it appears that Version 8.2(1) does not support Suite B. I tried turning on secure LDAP in the ASA and it fails to connect. I see in the Windows event log that none of the encryption methods are supported. These are the methods I see that the ASA is supporting in the version we are running:
I see documentation in later versions of the ASA code that suggests support for Suite B for IPSEC connections. Does this mean that if I upgrade to a newer version of code, additional cipher suites will be available for Secure LDAP as well?
I have been working with Cisco on Suite B for some time. They are telling me that Version 9.0 will support true Suite B (ECC with AES GCM and SHA2). Also, if I remember correctly, it is only supported on the new X series ASA too (5512, 5515, etc.).