HTTP Strict Transport Security on ASA

gchevalley
Beginner

Our PCI scan vendor has recently begun flagging the outside interfaces of all of our firewalls that have AnyConnect enabled on them. Does anyone know if there is a way to enable HSTS on AnyConnect / WebVPN or the outside interface?

Accepted Solutions

Show me anywhere in the PCI standard that requires this. You won't be able to. You don't require this to be PCI compliant.

Here is the US Government's FIPS140-2 certificate for AnyConnect.

http://www.cisco.com/c/dam/en_us/solutions/industries/government/security_certification/pdfs/acumenany_connect_desktop.pdf

Being certified to FIPS140-2 security standards for cryptography - I think more than trumps your scan saying it is insecure.

16 Replies

Philip D'Ath
Advisor

No.

AnyConnect will only run over an encrypted channel - by design. That is the whole point of it.

You don't have anything to worry about in this regard.