The AES-GCM ciphers are more secure than AES-CBC. You should probably also consider using only TLS 1.2 and DTLS 1.2 (DTLS 1.2 requires AnyConnect 4.7+) as well. You would need to use a custom cipher list, as the default tlsv1.2 "high" list contains the ciphers you do not wish to use.
If you need to back out, then prepend "no" and repeat the above commands.
Before making the change, use the command show vpn-sessiondb ratio encryption and work out what encryption protocol your clients have currently connected using.
Make sure you are using at least AnyConnect 4.7, ideally 4.8 - determine this before you make the changes. If your client computers are using Windows 10 and AnyConnect 4.7/4.8, they are probably already connecting using AES-GCM as this is default, so you shouldn't have any issue changing the ciphers.
If you have trouble connecting to ASDM after changing the ciphers, upgrade your Java version, as your current version may not support TLS 1.2.
Refer to this best practices guide for more information.
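The pre-change check described in the reply above can be scripted. This is an added example, not part of the original post or any Cisco tooling: it parses saved output of show vpn-sessiondb ratio encryption and counts sessions that are not on AES-GCM. The sample output is constructed, and its column layout and encryption names are assumptions.

```python
import re

# Constructed sample of `show vpn-sessiondb ratio encryption` output.
# The column layout is an assumption; adjust ROW if your ASA prints it differently.
SAMPLE = """\
Filter Group         : All
Total Active Sessions: 40
Cumulative Sessions  : 512

Encryption               Sessions       Percent
none                            0            0%
AES128                          6           15%
AES256                         10           25%
AES-GCM-128                     4           10%
AES-GCM-256                    20           50%
"""

# One data row: encryption name, session count, percentage.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+\d+%\s*$")

def parse_ratio(text):
    """Return {encryption_name: session_count} for rows with active sessions."""
    counts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and int(m.group(2)) > 0:
            counts[m.group(1)] = int(m.group(2))
    return counts

def at_risk(counts):
    """Sessions not on AES-GCM; confirm these clients support GCM before the change."""
    return {name: n for name, n in counts.items() if "GCM" not in name.upper()}

def report(text):
    """Summarise how many active sessions a GCM-only cipher list would affect."""
    counts = parse_ratio(text)
    legacy = at_risk(counts)
    affected = sum(legacy.values())
    return {"total": sum(counts.values()), "affected": affected,
            "legacy": legacy, "safe_to_change": affected == 0}

if __name__ == "__main__":
    r = report(SAMPLE)
    print(f"{r['affected']} of {r['total']} sessions are not on AES-GCM: {r['legacy']}")
    print("OK to restrict ciphers" if r["safe_to_change"] else "Check these clients first")
```
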