AnyConnect encryption

WILLIAM STEGMAN
Level 4

Where does an AnyConnect session on an ASA pull its encryption method from? Looks like the default is 3DES, but I can't find where in the config the encryption method gets applied. The transform set I'm using for IPsec isn't being applied to AnyConnect clients.

thank you,

Bill

Accepted Solutions

pcarco
Cisco Employee

Hello,

Configuration > Remote Access VPN > Advanced > SSL Settings

"The ASA uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS) to support secure message transmission for ASDM, Clientless, VPN, and browser-based sessions. The SSL Settings window lets you configure SSL versions and encryption algorithms for clients and servers. It also lets you apply previously configured trustpoints to specific interfaces, and to configure a fallback trustpoint for interfaces that do not have an associated trustpoint."

Source: ASDM online help.

Best regards,

Paul
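
A check based on the answer above, added here as an example and not part of the original thread or of Cisco's tooling: it reads an ASA running-config and separates the `ssl encryption` / `ssl cipher` lines (the CLI counterpart of the SSL Settings pane, which govern SSL/TLS AnyConnect sessions) from the `crypto ipsec` lines, which do not. The sample config, the weak-name pattern and the treatment of cipher levels are assumptions of this example.

```python
import re

# Assumption for this example: cipher names containing these are treated as weak.
WEAK = re.compile(r"3des|(?<![a-z0-9])des|rc4|null|md5", re.I)
# Assumption: "ssl cipher" levels other than high/fips admit legacy ciphers.
BROAD_LEVELS = {"all", "low", "medium"}

# Constructed sample, not the poster's configuration.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1
webvpn
 enable outside
 anyconnect enable
"""


def audit_ssl_settings(config: str) -> dict:
    """Sort cipher lines by the tunnel type they govern; flag weak SSL ciphers."""
    report = {"ssl_lines": [], "ipsec_only_lines": [], "weak": [],
              "explicit_ssl": False}
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if line.startswith("crypto ipsec "):
            # Transform sets and proposals apply to IPsec tunnels only.
            report["ipsec_only_lines"].append(line)
        elif words[:2] == ["ssl", "encryption"]:
            # Older syntax: a list of permitted algorithms.
            report["explicit_ssl"] = True
            report["ssl_lines"].append(line)
            report["weak"] += [w for w in words[2:] if WEAK.search(w)]
        elif words[:2] == ["ssl", "cipher"] and len(words) >= 4:
            # Newer syntax: ssl cipher <version> <level | custom "list">.
            report["explicit_ssl"] = True
            report["ssl_lines"].append(line)
            if words[3] in BROAD_LEVELS:
                report["weak"].append(f"{words[2]}:{words[3]}")
            elif words[3] == "custom":
                names = re.split(r'[:"\s]+', " ".join(words[4:]))
                report["weak"] += [n for n in names if n and WEAK.search(n)]
    return report


if __name__ == "__main__":
    result = audit_ssl_settings(SAMPLE_CONFIG)
    print("SSL/TLS lines :", result["ssl_lines"])
    print("IPsec-only    :", result["ipsec_only_lines"])
    print("Weak for SSL  :", result["weak"])
```

When `explicit_ssl` comes back `False`, the config carries no SSL cipher line at all and the platform defaults for that software version apply.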


Marvin Rhoads
Hall of Fame

You can also make AnyConnect (version 3+) use IPsec with IKEv2. Specify IPsec as the protocol on the profile (XML file) and set it up as usual and enable it on the outside interface.

Here's a screenshot from my AnyConnect client when connected thus: