Updating ASA - Deprecated Parameters Removal

MarcoLazzarotto
Level 1

I am updating my ASA. The version I am going to install (9.15 for the moment) will remove deprecated parameters like Diffie-Hellman 2 and 24, some encryption algorithms, and MD5 as a hash algorithm.

I worked in the past months to upgrade our VPN tunnels in order to comply with new firmware protocols, but I still have those protocols in the default IKE-IPsec policies.

Do I have to manually edit the default policies, or will the ASA do that when booting the new firmware?

3 Replies

Hi @MarcoLazzarotto. Before you upgrade from an earlier version of ASA to Version 9.15(1), you must update your VPN configuration to use the ciphers supported in 9.15(1), or else the old configuration will be rejected. When the configuration is rejected, one of the following actions will occur, depending on the command:

  • The command will use the default cipher.

  • The command will be removed.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa915/release/notes/asarn915.html

Hi @Rob Ingram, I updated all the VPNs, but I still have a few IPsec proposals that cannot be deleted because they are created by the system.

How should I handle those?

@MarcoLazzarotto as these are system-defined proposals, they would likely be removed (as per the release notes) and replaced once upgraded to 9.15.
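
A pre-upgrade check along the lines discussed in this thread, as an added example (not code from any poster or from Cisco): it scans a saved running-config for the parameters the thread names, DH groups 2 and 24 and MD5, but only inside `crypto` sections. The function names are hypothetical and the sample config is constructed.

```python
import re

# Only what the thread names as removed in 9.15: DH groups 2 and 24, and MD5.
# The removed encryption algorithms are listed in the release notes linked in
# the thread; extend these checks from that list rather than guessing.
REMOVED_DH_GROUPS = {"2", "24"}

def deprecated_hits(tokens):
    """Return the deprecated parameters referenced by one crypto config line."""
    hits = ["MD5" for t in tokens if "md5" in t.lower()][:1]
    if tokens[0] == "group":                      # IKE policy: "group 24 14"
        hits += [f"DH group {t}" for t in tokens[1:] if t in REMOVED_DH_GROUPS]
    if "pfs" in tokens[:-1]:                      # crypto map: "set pfs group2"
        m = re.fullmatch(r"group(\d+)", tokens[tokens.index("pfs") + 1])
        if m and m.group(1) in REMOVED_DH_GROUPS:
            hits.append(f"DH group {m.group(1)}")
    return hits

def audit(config_text):
    """Return (line_no, owning section, line, hits) for lines in crypto sections."""
    findings, section = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():                  # top-level command starts a section
            section = raw.strip() if raw.startswith("crypto ") else None
        if section is None:
            continue                              # e.g. NTP MD5 keys are out of scope
        hits = deprecated_hits(raw.split())
        if hits:
            findings.append((no, section, raw.strip(), hits))
    return findings

# Constructed sample in ASA running-config style, not taken from the thread.
SAMPLE = """\
ntp authentication-key 1 md5 *****
crypto ipsec ikev1 transform-set TS-OLD esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PROP-NEW
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto map OUTSIDE 10 set pfs group2
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256 md5
 group 24 14
crypto ikev1 policy 20
 hash sha
 group 14
"""

if __name__ == "__main__":
    for no, section, line, hits in audit(SAMPLE):
        print(f"line {no}: [{section}] {line} -> {', '.join(hits)}")
```

Run it against a saved copy of the configuration before the upgrade; each finding names the policy, proposal or crypto map that owns the flagged line.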