Enable SSL Decryption on the Cisco ASDM

deenhisham
Level 1

Hello,

So I am new to firewalls and I have got this question from one of our users:

"We have had issues with our proxy service and they have asked us to check the below.

Which firewall are you using upstream? Could you confirm if you have enabled SSL decryption on Firewall as well?"

Not sure if the ASAv supports SSL Decryption.


2 Replies

Dennis Mink
VIP Alumni

Most likely the answer is no. So in what direction is this traffic going through the fw? Outbound to internet? So if you are simply permitting https through your fw from the proxy's IP, then you are not decrypting.

Marvin Rhoads
Hall of Fame

ASAv does not support SSL decryption at all since it doesn't support the Firepower service module.

Other models of ASA 5500-X support it in software if there is a Firepower service module in place with an SSL policy that's been all set up. They also support it if they are running an FTD image, as do Firepower appliances running FTD.

We seldom see it used on ASAs in production for general purpose traffic inspection since the performance is pretty slow and it can quickly bring a smaller appliance to its knees. It also requires intermediate to advanced knowledge of PKI to make it work properly - something that is not all that common.
