0

I had to replace a Cisco ASA 5510 that died.

I have everything back up and running; however, when I connect to the ASA via SSH (through PuTTY), I receive the following warning message:

"The first cipher supported by the server is single-DES, which is below the configured warning threshold. Do you want to continue with this connection?"

I have tried to solve this by recreating the security keys with the following two commands:

    crypto key zeroize rsa
    crypto key generate rsa noconfirm

However nothing has changed. I still receive the warning message when I connect via SSH.

2 Answers

1

Issuing the following seems to have resolved the problem. Am I correct in assuming that I'm now using the more secure key? I never had the "ssh version 2" command running on my ASA 5510 that died on me. Perhaps there was a stronger key originally generated on it using sparks answer?

    config t
    ssh version 2
1
  • Specifying version 2 should also do the trick, I forgot that 1 is still supported to be honest. Commented May 21, 2009 at 15:28
0

Does your replacement ASA unit definitely have a 3DES/AES license installed? Sounds like it might not.

Have a look at www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html and see if that's any use.

(apparently I'm not allowed to post hyperlinks, so I apologise if this suggestion isn't in the most useful format)

Cheers, jmi

1
  • Good point Jamie, and I should have clarified that yes we do have the 3DES license. Commented May 21, 2009 at 18:42
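The two answers above point at two separate things to verify: that the server no longer accepts SSH-1 clients, and that the 3DES/AES license is enabled. The following is an added example, not code from either poster or from Cisco, that checks both from text collected off the device. The sample banner, `show version` lines and configuration lines are constructed, and the `VPN-3DES-AES : Enabled` line format is an assumption about how the license appears in `show version`.

```python
import re

# RFC 4253 section 5.1: the server sends "SSH-protoversion-softwareversion".
# A protoversion of 1.99 means it accepts both SSH-1 and SSH-2 clients.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def ssh1_accepted(banner):
    """Return True if the identification string shows SSH-1 is still accepted."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    return m.group(1).startswith("1.")  # covers 1.5 (v1 only) and 1.99 (v1 + v2)

def strong_crypto_licensed(show_version):
    """Return True if 'show version' lists the 3DES/AES feature as Enabled."""
    for line in show_version.splitlines():
        m = re.match(r"\s*VPN-3DES-AES\s*:\s*(\w+)", line)  # assumed line format
        if m:
            return m.group(1).lower() == "enabled"
    return False  # line absent: treat as not licensed

def ssh_version_pinned(running_config):
    """Return True if the configuration restricts SSH to version 2."""
    return any(l.strip() == "ssh version 2" for l in running_config.splitlines())

def audit(banner, show_version, running_config):
    """Collect findings from the three pieces of evidence."""
    findings = []
    if ssh1_accepted(banner):
        findings.append("server still accepts SSH-1 clients")
    if not ssh_version_pinned(running_config):
        findings.append("'ssh version 2' missing from configuration")
    if not strong_crypto_licensed(show_version):
        findings.append("3DES/AES license not enabled")
    return findings

# Constructed sample inputs (not captured from a real device).
BEFORE = dict(
    banner="SSH-1.99-Cisco-1.25\r\n",
    show_version="VPN-DES       : Enabled\nVPN-3DES-AES  : Enabled\n",
    running_config="ssh 192.168.1.0 255.255.255.0 inside\nssh timeout 5\n",
)
AFTER = dict(BEFORE, banner="SSH-2.0-Cisco-1.25\r\n",
             running_config=BEFORE["running_config"] + "ssh version 2\n")

if __name__ == "__main__":
    for name, state in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(**state) or "no findings")
```

The banner is the first line the server sends on TCP port 22, so it can be read without authenticating.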
