
Cisco ASDM TLS issue

standrews
Level 1

Hi, I have a Cisco ASA 5506 and I used to be able to connect to the ASA via ASDM, always working, but today I was told to harden the ASA, so I disabled TLS 1.0/1.1 and only allow TLS 1.2; see the commands below:

 

ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher tlsv1.2 high
ssl dh-group group24

 

 

After I did this, I just couldn't connect to ASDM anymore. I can still SSH to the ASA fine. When troubleshooting from the Java console, it just said HandshakeException: Received fatal alert: handshake_failure

 

So is there any way I can still use ASDM without enabling TLS 1.0/1.1? Many thanks

 

 

1 Reply

Make sure that your ASDM version supports your handshake version. Also, you
need to upgrade your JRE to a supported version.

Also, you may want to have the Java Cryptography Extension:

https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

See this post for more details

https://community.cisco.com/t5/security-analytics-and/asdm-aes-256-not-supported/td-p/2790184

**** remember to rate useful posts
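
A way to test the JRE side of the reply's advice, as an added example that is not part of the original thread or Cisco's code: run it with the same JRE that launches ASDM to see whether that JRE enables TLSv1.2 by default and whether its JCE policy permits AES-256. The class name `JreTlsCheck` is hypothetical, and the focus on AES-256 is an assumption taken from the linked "AES-256 not supported" thread and the `ssl cipher tlsv1.2 high` setting.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added diagnostic, not the poster's or Cisco's code.
public class JreTlsCheck {
    // Keep only the AES-256 suites from the list the JRE would offer in its ClientHello.
    static List<String> aes256Suites(String[] enabled) {
        List<String> out = new ArrayList<String>();
        for (String s : enabled) {
            if (s.contains("AES_256")) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // 128 means the restricted JCE policy files are active; the unlimited
        // policy reports Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by JCE policy: " + maxAes);

        // Default parameters = what a client socket uses unless the application overrides them.
        SSLParameters p = SSLContext.getDefault().getDefaultSSLParameters();
        List<String> protocols = Arrays.asList(p.getProtocols());
        boolean tls12 = protocols.contains("TLSv1.2");
        System.out.println("Enabled client protocols: " + protocols);

        List<String> strong = aes256Suites(p.getCipherSuites());
        System.out.println("Enabled AES-256 suites: " + strong.size());
        for (String s : strong) {
            System.out.println("  " + s);
        }

        if (!tls12) System.out.println("FAIL: TLSv1.2 is not enabled by default in this JRE.");
        if (maxAes < 256) System.out.println("FAIL: JCE policy limits AES below 256 bits.");
        if (strong.isEmpty()) System.out.println("FAIL: no AES-256 suite would be offered.");
        if (tls12 && maxAes >= 256 && !strong.isEmpty()) {
            System.out.println("OK: this JRE can offer TLSv1.2 with AES-256.");
        }
    }
}
```

A FAIL line points at the JRE or its policy files; an OK result means the JRE itself is capable and the ASDM version is the next thing to check.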