07-17-2023 08:39 AM
I am new and not familiar with Cisco ASA products, and we currently have 4 of the above ASAs that are running version 9.10 site to site.
How best to upgrade these and not break the site to site connection since we have to make changes to the Low Security Ciphers and Removal of bypass certificate validity checks option? Any other considerations or concerns to worry about?
07-17-2023 08:46 AM - edited 07-17-2023 08:55 AM
@bfrytm In regard to the Site-to-Site VPNs, review the current configurations and determine what encryption, hashing/integrity and DH groups are in use and determine whether they have been deprecated; check the release notes below.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/release/notes/asarn916.html
No support for DH groups 2, 5, and 24 in 9.16(1)—Support has been removed for the DH groups 2, 5, and 24 in SSL DH group configuration. The ssl dh-group command has been updated to remove the command options group2, group5, and group24.
See https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html for a list of other deprecated low-security ciphers.
Best check all the release notes of the versions between 9.10 and 9.16 and see what other features have been deprecated. I know that clientless VPN has now been deprecated. https://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html
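The configuration review suggested in the reply above, as an added example that is not part of the original thread and not a Cisco tool: it inventories the encryption, hash/integrity, PRF and DH group values in a saved `show running-config` and compares them with a removal table. The sample configuration is constructed, the function names are hypothetical, and the table holds only the `ssl dh-group` removal quoted in the thread; other entries are to be filled in from the release notes of each version on the upgrade path.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from the devices discussed in the thread.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ikev2 policy 1
 encryption aes-256 aes-192
 integrity sha256
 group 14 5
 prf sha256
ssl dh-group group2
"""

# Only the removal quoted in the thread (9.16(1) release notes). Extend it
# with entries from the release notes of every version on the upgrade path.
REMOVED = {("ssl", "dh-group"): {"group2", "group5", "group24"}}

CRYPTO_KEYS = {"encryption", "hash", "integrity", "group", "prf"}

def inventory(config):
    """Return {(section, keyword): set(values)} for crypto settings in use."""
    found = defaultdict(set)
    section = None
    for line in config.splitlines():
        parts = line.split()
        if not line.startswith(" "):          # top-level command
            m = re.match(r"crypto (ikev[12]) policy \d+\s*$", line)
            section = m.group(1) if m else None
            if parts[:2] == ["ssl", "dh-group"]:
                found[("ssl", "dh-group")].update(parts[2:])
        elif section and parts and parts[0] in CRYPTO_KEYS:
            found[(section, parts[0])].update(parts[1:])
    return dict(found)

def flag_removed(inv, removed=REMOVED):
    # Sorted (section, keyword, value) tuples that appear in the removal table.
    return sorted((s, k, v) for (s, k), vals in inv.items()
                  for v in vals & removed.get((s, k), set()))

if __name__ == "__main__":
    inv = inventory(SAMPLE_CONFIG)
    for key in sorted(inv):
        print(key, sorted(inv[key]))
    print("removed per table:", flag_removed(inv))
```

Running the inventory on both ends of each tunnel shows which proposals the peers share, which matters when the ASAs are upgraded one at a time.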
07-17-2023 09:29 AM
Removal of bypass certificate validity checks option?
Can you please elaborate more on this point?
08-07-2023 08:19 AM
Sorry for the delay in responding. On the upgrade to version 9.13 there is a section on removal of bypass certificate validity checks option.
Also, is there any impact of updating these 4 ASAs individually, as they are in 3 different locations across the US? Will anything break or do we need to make sure they are all done at the same time?