Disabling weak ciphers for IPSec VPN?
The equipment in question is an NSA E5500 running the latest firmware and thus far there seems to be no way to disable the use of weak ciphers for an IPSec VPN connection. This is causing a bit of trouble, because it appears to allow MD5, SHA1, and 3DES methods to continue being advertised as available as well as allow VPN connections using these mechanisms no matter how the settings for WAN GroupVPN policies are configured.
Is there any way to actually disable these methods so that we can finally make 100% PCI compliance?
(To those who are about to guess, it's apparently not the Cipher Control page)