08-22-2012 06:25 AM - edited 03-11-2019 04:45 PM
Hi everone,
I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.
Any idea?
Regards.
Solved! Go to Solution.
08-22-2012 11:23 AM
Hi Caio,
Apart from checking the Java version, you do necessarily need to add these on the ASA:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
and
crypto key rsa generate modulus 1024
It should work after this.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 11:26 AM
Hello Caio,
Please add the following command, this should do it
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Rate all the helpful post
Julio
08-22-2012 06:39 AM
Hi Caio,
Can you please share an output of:
show run asdm
show run http
show crypto key mypubkey rsa
show run all ssl
You can also follow this doc for troubleshooting:
https://supportforums.cisco.com/docs/DOC-15016
Hope this helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:04 AM
Hi Varun,
sh run http:
http server enable
http 192.168.1.0 255.255.255.0 management
sh run all ssl:
ssl server-version any
ssl client-version any
ssl encryption des-sha1
The other two return nothing.
Thanks!
08-22-2012 06:42 AM
I assume you are plugged directly into the Mgmt Ethernet port and getting a DHCP address from the ASA (or have manually assigned yourself one in the 192.168.1.0/24 network).
Can you check the output (from console) of "show activation-key"? Look for the 3DES/AES license to be active.
I have seen issue with updated browsers not working with ASDM due to the encryption expected by the browser's security settings not being active on the ASA. It is a free upgrade - go to www.cisco.com/go/licensing to get an activation key for 3DES/AES.
08-22-2012 07:00 AM
Hi Marvin
VPN-3DES-AES : Disabled
Is this one?
Thanks!
08-22-2012 07:27 AM
Hi Caio,
Yes, as correctly mentioned by Marvin, you would need a 3DES license for it, but its not an issue, you can generate free license from this site:
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:45 AM
Hi,
Thanks for helping. I added the license but the problem keeps happening.
08-22-2012 07:47 AM
Then can you please share teh outputs I requested
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:54 AM
Sorry, I replied this on your post. Here goes again:
Hi Varun,
sh run http:
http server enable
http 192.168.1.0 255.255.255.0 management
sh run all ssl:
ssl server-version any
ssl client-version any
ssl encryption des-sha1
The other two return nothing.
Thanks!
08-22-2012 10:35 AM
Hi Bro
Do you have the latest java version from www.java.com installed on your workstation that's directly connected to the Management 0/0 interface? Furthermore, please do remove the proxy settings in your Internet Browser. Is this issue happening to all workstations when trying to access the ASDM or only your workstation?
08-22-2012 10:49 AM
Hi,
Going to try other CPU and updating my Java.
Thanks for the tip!
08-22-2012 11:23 AM
Hi Caio,
Apart from checking the Java version, you do necessarily need to add these on the ASA:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
and
crypto key rsa generate modulus 1024
It should work after this.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 11:26 AM
Hello Caio,
Please add the following command, this should do it
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Rate all the helpful post
Julio
08-23-2012 04:58 AM
Thanks Varun and jcarvaja!
Both answers correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: