CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
Both IPsec and TLS gateways use the RNG to strengthen the security of the protocols. Using a weak RNG will weaken the protocol and make it more vulnerable. Use of a FIPS validated RNG that is not DRGB mitigates to a CAT III.
Configure the ASA to have FIPS-mode enabled as shown in the example below. ASA1(config)# fips enable ASA1(config)# end Note: FIPS mode change will not take effect until the configuration is saved and the device rebooted.