Elliptic-Curve Diffie-Hellman on an ASA 5550

David Babiano Rodriguez · ‎09-15-2015

Hi to all,

I have a customer who has an ASA 5550 with AnyConnect Essentials license. Can I deploy ECDH to do the VPN connections more strongest???

How I can add more encryption algorithms?? How I can deploy up to TLS1.2??

Thanks in advance.

David

P.S.: If this post is in a wrong site, please let me know ASAP and I move it to the correct site. Thanks.

Vibhor Amrodia · ‎09-17-2015

Hi,

I don;t think this would be available on ASA 9.2 and before which is the max IOS that can run on ASA 5550.

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

Thanks and Regards,

VIbhor Amrodia

David Babiano Rodriguez · ‎09-17-2015

Hi Vibhor,

thanks for your reply but I'm not able to see which is the max IOS that can run on ASA 5550. In the compatibility matrix I can see that the max IOS version is the 9.1.6, is it correct? Or I'm wrong?? Can you confirm (or somebody) which is the max IOS version that can run on these devices???

Thanks in advance

Regards,

David

Vibhor Amrodia · ‎09-18-2015

Hi,

Yes , the Maximum IOS that you can run for this ASA would be the ASA 9.1.6.x code. The latest is 9.1.6.8

Thanks and Regards,

Vibhor Amrodia

srihari4cisco · ‎09-18-2015

Hello,

TLS1.2 is only available in 9.3 IOS release.

5550 platform currently do not have a release for 9.3, the latest code available for this platform is 9.1(6).

Anyconnect with SSL can be secured with AES-256 encryption algorithm.

ECDH is introduced in ASA 9.4(X) code. Hence it is not available for Cisco 5550 platforms.

Cheers,

Sri