Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1812
Views
5
Helpful
5
Replies

Cannot Access ASDM on Cisco 5506-X

sjs2222
Level 1
Level 1

‎11-12-2018 05:16 AM - edited ‎02-21-2020 08:27 AM

Hello,

 

 

 

I cannot get ASDM to work on my ASA 5506-X. When accessing https://ipaddr/admin I get an error regarding unsupported ciphers/SSL or unsupported protocol. I have done troubleshooting according to this guide:

 

https://community.cisco.com/t5/security-documents/asdm-access-troubleshooting/ta-p/3122148

 

The license required for the strong ciphers is applied and I have tried several config changes using the 'ssl ciphers' and 'ssl encryption' command. I have attached the show run and show versions output to this post.

 

 

SJS

Preview file
7 KB
0 Helpful
5 Replies 5

mls577
Level 1
Level 1

‎11-16-2018 07:03 PM

@sjs2222 wrote:

Hello,

 

 

 

I cannot get ASDM to work on my ASA 5506-X. When accessing https://ipaddr/admin I get an error regarding unsupported ciphers/SSL or unsupported protocol. I have done troubleshooting according to this guide:

 

https://community.cisco.com/t5/security-documents/asdm-access-troubleshooting/ta-p/3122148

 

The license required for the strong ciphers is applied and I have tried several config changes using the 'ssl ciphers' and 'ssl encryption' command. I have attached the show run and show versions output to this post.

 

 

SJS

Are you using an older OS / browser? You have tls 1.1 and fips ciphers enabled which could be an issue. Also, I'd try different browsers, they might not like the self signed certificate the ASA is using.

Also I'd add: 

aaa authentication http console LOCAL

Also try manually specifying ASDM with its full name as it's shown in flash:

asdm image flash:fullasdmfilename

venkat_n7
Level 1
Level 1

‎11-18-2018 04:53 PM

Hi,

remove ssl commands for time being. and follow mls577 commands. you should be good.

Please rate comments and support
with regards,
Venkat
0 Helpful

sjs2222
Level 1
Level 1
In response to venkat_n7

‎11-19-2018 04:48 AM

Thanks for the suggestions, I have tried the below and still have the same result:

 

no ssl server-version tlsv1.1
no ssl client-version tlsv1.1
no ssl cipher tlsv1.1 fips

asdm image flash disk0:/asdm-761.bin

aaa authentication http console LOCAL

 

Do you have any other ideas? It's really strange because this firewall is new and I haven't done anything to it. I am really surprised it doesn't work straight out the box. 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to sjs2222

‎11-19-2018 01:58 PM

What is the output of show run all ssl ?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

mls577
Level 1
Level 1
In response to sjs2222

‎11-19-2018 10:11 PM

@sjs2222 wrote:

Thanks for the suggestions, I have tried the below and still have the same result:

 

no ssl server-version tlsv1.1
no ssl client-version tlsv1.1
no ssl cipher tlsv1.1 fips

asdm image flash disk0:/asdm-761.bin

aaa authentication http console LOCAL

 

Do you have any other ideas? It's really strange because this firewall is new and I haven't done anything to it. I am really surprised it doesn't work straight out the box. 

At this point, I'm going to go with the issue either being asdm version or a client issue with your browsers. Have you tried different browsers? If that doesn't work, can you try uploading a newer asdm image to the asa?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card