Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

anyconnection encryption

Where does an anyconnection session on an ASA pull its encryption method from?  Looks like the default is 3DES, but I can't find where in the config the encryption method gets applied.  The transform set I'm using for IPSec isn't being applied to anyconnect clients.

thank you,

Bill

  • VPN
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

anyconnection encryption

Hello,

Configuration > Remote Access VPN > Advanced> SSL Settings

"The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to support secure message transmission for ASDM, Clientless, VPN, and browser-based sessions. The SSL Settings window lets you configure SSL versions and encryption algorithms for clients and servers. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint."

Source:  ASDM online help.

Best regards,

Paul

2 REPLIES
Cisco Employee

anyconnection encryption

Hello,

Configuration > Remote Access VPN > Advanced> SSL Settings

"The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to support secure message transmission for ASDM, Clientless, VPN, and browser-based sessions. The SSL Settings window lets you configure SSL versions and encryption algorithms for clients and servers. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint."

Source:  ASDM online help.

Best regards,

Paul

Hall of Fame Super Silver

anyconnection encryption

You can also make Anyconnect (version 3+) use IPsec with IKEv2. Specify IPsec as the protocol on the profile (xml file) and set it up as usual and enable it on the outside interface.

Here's a screenshot from my AnyConnect client when connected thus (click to enlarge):

98
Views
0
Helpful
2
Replies