11-25-2013 08:47 AM
Where does an anyconnection session on an ASA pull its encryption method from? Looks like the default is 3DES, but I can't find where in the config the encryption method gets applied. The transform set I'm using for IPSec isn't being applied to anyconnect clients.
thank you,
Bill
Solved! Go to Solution.
11-25-2013 09:04 AM
Hello,
Configuration > Remote Access VPN > Advanced> SSL Settings
"The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to support secure message transmission for ASDM, Clientless, VPN, and browser-based sessions. The SSL Settings window lets you configure SSL versions and encryption algorithms for clients and servers. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint."
Source: ASDM online help.
Best regards,
Paul
11-25-2013 09:04 AM
Hello,
Configuration > Remote Access VPN > Advanced> SSL Settings
"The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to support secure message transmission for ASDM, Clientless, VPN, and browser-based sessions. The SSL Settings window lets you configure SSL versions and encryption algorithms for clients and servers. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint."
Source: ASDM online help.
Best regards,
Paul
11-25-2013 12:32 PM
You can also make Anyconnect (version 3+) use IPsec with IKEv2. Specify IPsec as the protocol on the profile (xml file) and set it up as usual and enable it on the outside interface.
Here's a screenshot from my AnyConnect client when connected thus (click to enlarge):
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide