https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329590#M311593 <HTML><HEAD></HEAD><BODY><P>Newer browsers do not allow you to connect to SSL servers running weak encyption algorithms (e.g. des). </P><P></P><P>Last year Cisco started turning off the strong algorithms (aes and 3des) by default on ASAs. </P><P></P><P>You can check using the command I suggested above.</P></BODY></HTML> Fri, 04 Oct 2013 21:29:49 GMT Marvin Rhoads 2013-10-04T21:29:49Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329587#M311583 <P>Hi I have been using a few days the firewall ASA5505 they've completely put new, the ASA Version 8.4 (2) have been playing and the ASDM version 6.4 (9). I have the Basic Config loaded with the command "conf t" and "Facorty default-config."</P><P></P><P></P><P>Now I want to connect to this firewall, but this is not because he always says he unable to connect to the firewall. The IP settings I have the following: IP address 192.168.1.6 Subnet: 255.255.255.0 Gateway: 192.168.1.1. How can I connect to or what I'm doing wrong?</P><P></P><P></P><P>Executing command: interface Ethernet 0/0</P><P>Executing command: switchport access vlan 2</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/1</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/2</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/3</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/4</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/5</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/6</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface Ethernet 0/7</P><P>Executing command: switchport access vlan 1</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: interface vlan2</P><P>Executing command: nameif outside</P><P>INFO: Security level for "outside" set to 0 by default.</P><P>Executing command: no shutdown</P><P>Executing command: ip address dhcp setroute</P><P>Executing command: exit</P><P>Executing command: interface vlan1</P><P>Executing command: nameif inside</P><P>INFO: Security level for "inside" set to 100 by default.</P><P>Executing command: ip address 192.168.1.1 255.255.255.0</P><P>Executing command: security-level 100</P><P>Executing command: allow-ssc-mgmt</P><P>ERROR: SSC card is not available</P><P>Executing command: no shutdown</P><P>Executing command: exit</P><P>Executing command: object network obj_any</P><P>Executing command: subnet 0.0.0.0 0.0.0.0</P><P>Executing command: nat (inside,outside) dynamic interface</P><P>Executing command: exit</P><P>Executing command: http server enable</P><P>Executing command: http 192.168.1.0 255.255.255.0 inside</P><P>Executing command: dhcpd address 192.168.1.5-192.168.1.36 inside</P><P>Executing command: dhcpd auto_config outside</P><P>Executing command: dhcpd enable inside</P><P>Executing command: logging asdm informational</P><P>Factory-default configuration is completed</P><P>ciscoasa(config)#&nbsp; wr</P><P>Building configuration...</P><P>Cryptochecksum: ee2b2e47 c2886bf3 b45f3afb bccbfb1e</P> Tue, 12 Mar 2019 02:47:11 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329587#M311583 Brainority 2019-03-12T02:47:11Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329588#M311587 <HTML><HEAD></HEAD><BODY><P>Please provide output of "show ssl". You may need to add strong cipher support.</P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-24550">Reference</A>.</P></BODY></HTML> Fri, 04 Oct 2013 14:55:07 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329588#M311587 Marvin Rhoads 2013-10-04T14:55:07Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329589#M311591 <HTML><HEAD></HEAD><BODY><P> I have the same issue with connecting to ASDM via Windows 8.</P><P>I have found that I can connect with Windows XP, but my new laptop is 8 Pro and this is the second new ASA I have installed recently that will not allow me to connect to the ASDM. This one is 6.4.5.</P></BODY></HTML> Fri, 04 Oct 2013 21:25:04 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329589#M311591 cstarr 2013-10-04T21:25:04Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329590#M311593 <HTML><HEAD></HEAD><BODY><P>Newer browsers do not allow you to connect to SSL servers running weak encyption algorithms (e.g. des). </P><P></P><P>Last year Cisco started turning off the strong algorithms (aes and 3des) by default on ASAs. </P><P></P><P>You can check using the command I suggested above.</P></BODY></HTML> Fri, 04 Oct 2013 21:29:49 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329590#M311593 Marvin Rhoads 2013-10-04T21:29:49Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329591#M311595 <HTML><HEAD></HEAD><BODY><P> When I run that I get the following.</P><P>ciscoasa# show ssl</P><P>Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1</P><P>Start connections using SSLv3 and negotiate to SSLv3 or TLSv1</P><P>Enabled cipher order: des-sha1</P><P>Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1</P><P>No SSL trust-points configured</P><P>Certificate authentication is not enabled</P><P></P><P>What should I change?</P><P></P><P>Thanks.</P></BODY></HTML> Fri, 04 Oct 2013 21:46:52 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329591#M311595 cstarr 2013-10-04T21:46:52Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329592#M311596 <HTML><HEAD></HEAD><BODY><P>Yep - note the section that says the only enabled cipher is des-sha1.</P><P></P><P>Fix it by:</P><P></P><PRE style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; padding: 0px 0px 0px 30px; overflow: auto;">conf t &nbsp;&nbsp;&nbsp;&nbsp; ssl encryption aes128-sha1 aes256-sha1 3des-sha1 &nbsp;&nbsp;&nbsp;&nbsp; exit wr mem </PRE><P> Then re-check ASDM.</P></BODY></HTML> Fri, 04 Oct 2013 21:50:52 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329592#M311596 Marvin Rhoads 2013-10-04T21:50:52Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329593#M311597 <HTML><HEAD></HEAD><BODY><P> Thanks. I found it and I am now downloading the free license to enable it as it baulked when I ran that command.</P></BODY></HTML> Fri, 04 Oct 2013 21:52:25 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329593#M311597 cstarr 2013-10-04T21:52:25Z https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329594#M311598 <HTML><HEAD></HEAD><BODY><P>Ah yes, as you note the (free) 3DES-AES license needs to be active to use strong encryption.</P></BODY></HTML> Fri, 04 Oct 2013 21:54:13 GMT https://community.cisco.com/t5/network-security/access-to-my-asdm-asa5505/m-p/2329594#M311598 Marvin Rhoads 2013-10-04T21:54:13Z