Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1725
Views
24
Helpful
13
Replies

ASDM Problems

Go to solution
caioamonteiro
Level 1
Level 1

‎08-22-2012 06:25 AM - edited ‎03-11-2019 04:45 PM

Hi everone,

I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.

Any idea?

Regards.             

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to caioamonteiro

‎08-22-2012 11:23 AM

Hi Caio,

Apart from checking the Java version, you do necessarily need to add these on the ASA:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

and

crypto key rsa generate modulus 1024

It should work after this.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to caioamonteiro

‎08-22-2012 11:26 AM

Hello Caio,

Please add the following command, this should do it

ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Rate all the helpful post

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
13 Replies 13

Go to solution
varrao
Level 10
Level 10

‎08-22-2012 06:39 AM

Hi Caio,

Can you please share an output of:

show run asdm

show run http

show crypto key mypubkey rsa

show run all ssl

You can also follow this doc for troubleshooting:

https://supportforums.cisco.com/docs/DOC-15016

Hope this helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Go to solution
caioamonteiro
Level 1
Level 1
In response to varrao

‎08-22-2012 07:04 AM

Hi Varun,

sh run http:

http server enable

http 192.168.1.0 255.255.255.0 management

sh run all ssl:

ssl server-version any

ssl client-version any

ssl encryption des-sha1

The other two return nothing.

Thanks!

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-22-2012 06:42 AM

I assume you are plugged directly into the Mgmt Ethernet port and getting a DHCP address from the ASA (or have manually assigned yourself one in the 192.168.1.0/24 network).

Can you check the output (from console) of "show activation-key"? Look for the 3DES/AES license to be active.

I have seen issue with updated browsers not working with ASDM due to the encryption expected by the browser's security settings not being active on the ASA. It is a free upgrade - go to www.cisco.com/go/licensing to get an activation key for 3DES/AES.

Go to solution
caioamonteiro
Level 1
Level 1
In response to Marvin Rhoads

‎08-22-2012 07:00 AM

Hi Marvin

VPN-3DES-AES                   : Disabled

Is this one?

Thanks!

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to caioamonteiro

‎08-22-2012 07:27 AM

Hi Caio,

Yes, as correctly mentioned by Marvin, you would need a 3DES license for it, but its not an issue, you can generate free license from  this site:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Go to solution
caioamonteiro
Level 1
Level 1
In response to varrao

‎08-22-2012 07:45 AM

Hi,

Thanks for helping. I added the license but the problem keeps happening.

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to caioamonteiro

‎08-22-2012 07:47 AM

Then  can you please share teh outputs I requested

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Go to solution
caioamonteiro
Level 1
Level 1
In response to varrao

‎08-22-2012 07:54 AM

Sorry, I replied this on your post. Here goes again:

Hi Varun,

sh run http:

http server enable

http 192.168.1.0 255.255.255.0 management

sh run all ssl:

ssl server-version any

ssl client-version any

ssl encryption des-sha1

The other two return nothing.

Thanks!

0 Helpful

Go to solution
Ramraj Sivagnanam Sivajanam
Level 4
Level 4
In response to caioamonteiro

‎08-22-2012 10:35 AM

Hi Bro

Do you have the latest java version from www.java.com installed on your workstation that's directly connected to the Management 0/0 interface? Furthermore, please do remove the proxy settings in your Internet Browser. Is this issue happening to all workstations when trying to access the ASDM or only your workstation?

Warm regards,
Ramraj Sivagnanam Sivajanam

Go to solution
caioamonteiro
Level 1
Level 1
In response to Ramraj Sivagnanam Sivajanam

‎08-22-2012 10:49 AM

Hi,

Going to try other CPU and updating my Java.

Thanks for the tip!

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to caioamonteiro

‎08-22-2012 11:23 AM

Hi Caio,

Apart from checking the Java version, you do necessarily need to add these on the ASA:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

and

crypto key rsa generate modulus 1024

It should work after this.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao
0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to caioamonteiro

‎08-22-2012 11:26 AM

Hello Caio,

Please add the following command, this should do it

ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Rate all the helpful post

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
caioamonteiro
Level 1
Level 1

‎08-23-2012 04:58 AM

Thanks Varun and jcarvaja!

Both answers correct.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card