ASA 5500 AnyConnect – Change Preferred Encryption Cipher Order
KB ID 0001058 Problem A few days ago I wrote about disabling SSL v3.0 to force your clients to connect with the more secure TLS v1.0. But what if your AnyConnect clients chose to connect with a weaker encryption cipher? The ciphers your firewall offer (by default) will vary depending on what OS your ASA is running. Solution 1. To see what your cipher you are connected with look on the statistics tab, below we are connecting with the...
Cisco ASA – Cannot Enable Third Party Certificate (9.4 and later)
KB ID 0001106 Problem I installed a third party certificate for a client on their ASA (from Digicert). And followed my usual procedure. I enabled it on the outside interface and tested AnyConnect, it wasn’t working. The ASA refused to present anything other than its self signed certificate. Solution This is because after 9.4 the ASA will automatically present a certificate that has an elliptical curve cipher. Even if the ASA has...