How can I change the encryption level for Anyconnect users?

KEN COUSINO JR.
Level 1

I have an ASA5512 (Cisco Adaptive Security Appliance Software Version 9.8(2)). I have AnyConnect set up on it and have licenses for up to 250 users. When I monitor the connections I see that the users are connecting with an SSL-Tunnel, but they are only getting AES128 for the encryption level. I am looking to increase that to AES256, but don't know where it is set.

 

Please, any help would be appreciated.

 

Thanks

 

2 Accepted Solutions


Give this command:

!
ssl encryption aes256-sha1 aes128-sha1 3des-sha1

 

 

 

Please do not forget to rate.

Here is an example.

asa5505(config)# ssl client-version tlsv1-only
asa5505(config)# ssl server-version tlsv1
asa5505(config)# ssl encryption dhe-aes256-sha1 dhe-aes128-sha1 aes256-sha1 aes128-sha1
asa5505# show ssl
Accept connections using SSLv2 or greater and negotiate to TLSv1
Start connections using TLSv1 only and negotiate to TLSv1 only
Enabled cipher order: dhe-aes256-sha1 dhe-aes128-sha1 aes256-sha1 aes128-sha1

*** Please remember to rate useful posts
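
A check that can be run over saved `show ssl` output to confirm the configured order prefers AES256, added here as an example and not code from the thread or from Cisco. It assumes the output format shown in the second answer and that the list is in preference order; the function names and the "legacy" classification are this example's own.

```python
import re

# Output of `show ssl` as posted in the second answer above.
POSTED = """Accept connections using SSLv2 or greater and negotiate to TLSv1
Start connections using TLSv1 only and negotiate to TLSv1 only
Enabled cipher order: dhe-aes256-sha1 dhe-aes128-sha1 aes256-sha1 aes128-sha1"""

# Constructed samples (not from the thread): the first answer's cipher list,
# and an ordering with AES128 listed ahead of AES256.
FIRST_ANSWER = "Enabled cipher order: aes256-sha1 aes128-sha1 3des-sha1"
AES128_FIRST = "Enabled cipher order: aes128-sha1 aes256-sha1 3des-sha1"

TOKEN = re.compile(r"[a-z0-9]+(-[a-z0-9]+)+")   # e.g. dhe-aes256-sha1
LEGACY = re.compile(r"(3des|des|rc4|null)-")     # assumption: treated as weak here


def enabled_cipher_order(show_ssl_text):
    """Return the cipher names after 'Enabled cipher order:', in listed order."""
    flat = " ".join(show_ssl_text.split())       # tolerate wrapped terminal lines
    _, found, tail = flat.partition("Enabled cipher order:")
    ciphers = []
    for tok in tail.split() if found else []:
        if not TOKEN.fullmatch(tok):             # stop at the next output label
            break
        ciphers.append(tok)
    return ciphers


def audit_cipher_order(show_ssl_text):
    """Summarise whether the listed order prefers AES256 and what else it allows."""
    ciphers = enabled_cipher_order(show_ssl_text)
    first_aes = next((c for c in ciphers if "aes" in c), None)
    return {
        "order": ciphers,
        # True when the highest-ranked AES suite uses a 256-bit key.
        "aes256_preferred": first_aes is not None and "aes256" in first_aes,
        # Legacy suites still enabled and therefore still negotiable.
        "legacy": [c for c in ciphers if LEGACY.match(c)],
        # AES128 suites ranked above some AES256 suite.
        "aes128_above_aes256": [
            c for i, c in enumerate(ciphers)
            if "aes128" in c and any("aes256" in d for d in ciphers[i + 1:])
        ],
    }


if __name__ == "__main__":
    for name, text in [("posted", POSTED), ("first answer", FIRST_ANSWER),
                       ("aes128 first", AES128_FIRST)]:
        print(name, audit_cipher_order(text))
```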

