ASA Support for Suite B

Joseph.Rehling
Level 1

We have an ASA 5520 that uses LDAP to authenticate VPN users with our Server 2008 R2 SP1 domain. We would like to convert to Secure LDAP so that the passwords are encrypted when they are checked against AD by the ASA. Our CA issues Suite B certificates that are based on SHA 384 and it appears that Version 8.2(1) does not support Suite B. I tried turning on secure LDAP in the ASA and it fails to connect. I see in the Windows event log that none of the encryption methods are supported. These are the methods I see that the ASA is supporting in the version we are running:

Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

I see documentation in later versions of the ASA code that suggests support for Suite B for IPSEC connections. Does this mean that if I upgrade to a newer version of code, additional cipher suites will be available for Secure LDAP as well?

Has anyone tried this and got it working?

1 Reply

bhweaver2004
Level 1

I have been working with Cisco on Suite B for some time. They are telling me that Version 9.0 will support true Suite B (ECC with AES GCM and SHA2). Also, if I remember correctly, it is only supported on the new X series ASA too (5512, 5515, etc.).
