We have an ASA 5520 that uses LDAP to authenticate VPN users with our Server 2008 R2 SP1 domain. We would like to convert to Secure LDAP so that the passwords are encrypted when they are checked against AD by the ASA. Our CA issues Suite B certificates that are based on SHA 384 and it appears that Version 8.2(1) does not support Suite B. I tried turning on secure LDAP in the ASA and it fails to connect. I see in the Windows event log that none of the encryption methods are supported. These are the methods I see that the ASA is supporting in the version we are running:
I see documentation in later versions of the ASA code that suggests support for Suite B for IPsec connections. Does this mean that if I upgrade to a newer version of code, additional cipher suites will be available for Secure LDAP as well?
I have been working with Cisco on Suite B for some time. They are telling me that Version 9.0 will support true Suite B (ECC with AES GCM and SHA2). Also, if I remember correctly, it is only supported on the new X series ASA too (5512, 5515, etc.).