ASA Setup HELP - SSL

woodjl1650 — Mon, 11 Mar 2019 21:18:59 GMT

I am trying to setup SSL so I can manage my ASA via any internet browser on my network. I am new to the cisco world, but I think I have most of it down. When I try to log into the ASA via firefox I get:

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Below is my current config ( I have a lot of extra info that populates everytime I enter a command, not sure what I turned on, but if you have a fix to clear that as well, I would apprciate it.

ASA Version 8.2(3)wn coldstart' comm

hostname Wood-ASA1-if

%ASA-5-111008:

domain-name lv.cox.net the 'inspect ip-optio

enable password 8Ry2YjIyt7RRXU24 encrypted8cb69fe 20cfb60adisk0:/asa823.bin

passwd 2KFQnbNIdI.2KYOU encrypteded the 'service-policy global_pol

namesobal'

interface Ethernet0/0in ^

switchport access vlan 2%ASA-5-

command.ser 'Con

interface Ethernet0/1ig' executed the 'pro

interface Ethernet0/2mand.tics access-lirv

interface Ethernet0/3 securi

rd DfltAccess

interface Etherne

interface Vlan1ecuted the 'pro

nameif inside' command.omma

security-level 100

%ASA-5-111008: Use

ip address 192.168.1.1 255.255.255.01008: User 'Config' executed the 'no

interface Vlan2 the '

%ASA-5-1

nameif outsidefig' executed t

security-level 0-5-111008: User '

ip address dhcp setrouteination address http http

boot system disk0:/asa823-k8.bing' executed the 'class-map inspe

boot config disk0:/asa823.binom/its/service/oddce/services

ftp mode passivemand. User 'Conf

dns server-group DefaultDNS User 'Config' execut

%ASA-

domain-name lv.cox.netexecuted the 'destinati

object-group icmp-type ICMP-INBOUNDation linkup linkdown coldstart' co

description Permit necessary inbound ICMP trafficand.'policy-map type

%ASA-5-111008: User 'Config'

icmp-object echo-replyon transport-method htt

icmp-object unreachable

s_map' command.t

icmp-object t

%ASA-

logging buffered warningsecuted the 'subscribe-to-

logging asdm notificationsxecuted t

%ASA-5-111008: U

mtu inside 1500cuted the 'poli

mtu outside 1500ct

riodic month

icmp unreachable rate-limit 1 burst-size 1-111008: User 'Config' executed the 'subsc

asdm image disk0:/asdm-625.bino5-111008: User 'Config' execu

no asdm history enablemmand.outside' command

arp timeout 14400monthly' command.

nat-control

%ASA-5-111

global (outside) 1 interfacenfig' executed the 'subscrib

nat (inside) 1 0.0.0.0 0.0.0.0andasa# threat-detec

d.n

%ASA

access-group INBOUND in interface outside08: Us

riodic daily' command.e

timeout xlate 3:

aaa authentication ssh console LOCALe Ethernet0/5, changed state to admi

http server enableas

%ASA-5-111008:

http 192.168.1.0 255.255.255.0 inside' executed the

%ASA-4-411003: Interfa

no snmp-server locationstate to administra con

no snmp-server contact

telnet timeout 5# nat-contr

%ASA

ssh 0.0.0.0 0.0.0.0 insideec

%ASA-4-411001: Line pro

ssh 0.0.0.0 0.0.0.0 outside/3, changed state to upomma

ssh timeout 5SA-5-111

%ASA

console timeout 0onfig' executed t

dhcpd dns 8.8.8.8 8.8.4.4ne protocol on Interface

dhcpd auto_config outside to ups_map' com

%ASA-5-1

dhcpd address 192.168.1.2-192.168.1.33 insideommand

enableR: % I

Password:SA-5-1110

Wood-A

dhcpd dns 8.8.8.8 8.8.4.4 interface inside: Uname: enable_15 From: 1 To:pect netbios

dhcpd enable insidescoas

%ASA-5-111008

threat-detection basic-threat%ASA-5-111008: User 'enable_1

threat-detection statistics acce

.0.0.0 0.0.0.

parametersprompt host

message-length maximum client auto1008: User 'enable_15' executed the

message-length maximum 512A-5-111008: User 'Config' ex

policy-map type inspect dns prsent_dns_map 0/0' command. executed the 'inspe

no shut

parametersA-5

Wood-AS

message-length maximum 512 Interface Ethernet0/0, chan

policy-map global_policyg' executed the 'inspect

class inspection_defaultA-5-111008: User 'Con

ini

inspect dns preset_dns_map

%ASA-5-111008: User 'enable

inspect ftpthe 'no shutd

inspect h323 h225111008: User 'Confi

inspect h323 rasstination address

inspect rsh1001: Line pr

inspect ip-options

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

no active

destination address http https://tools.cisco.com/its/service/oddce/services/DD

CEService

destination address email callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:c3a35118ab34143a5e73e414ead343c1

ASA Setup HELP - SSL

Maykol Rojas — Wed, 31 Aug 2011 18:03:39 GMT

Hi,

When you mean setting up SSL, the concept is too big, can mean SSLVPN, WebVPN, ASDM etc. Are you trying to setup ASDM to manage your device, or are you trying to configure a VPN anyconnect so you can manage your device?

Thanks!

Mike

ASA Setup HELP - SSL

woodjl1650 — Wed, 31 Aug 2011 18:07:55 GMT

SSL VPN and VPN anyconnect

ASA Setup HELP - SSL

Maykol Rojas — Wed, 31 Aug 2011 18:14:34 GMT

Hi,

It would be better if you move the case to the VPN forum, they will assist you better. On your configuration, I cannot see anything configured yet. Here is a guide that you can follow:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html

Mike

topic ASA Setup HELP - SSL in Network Security

ASA Setup HELP - SSL

ASA Setup HELP - SSL

ASA Setup HELP - SSL

ASA Setup HELP - SSL