
Cisco ASDM TLS issue

Hi, I have a Cisco ASA 5506 and I used to be able to connect to the ASA via ASDM; it always worked. But today I was told to harden the ASA, so I disabled TLS 1.0/1.1 and only allow TLS 1.2. See the commands below:

ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher tlsv1.2 high
ssl dh-group group24

After I did this, I just couldn't connect to ASDM anymore. I can still SSH to the ASA fine. When troubleshooting from the Java console, it just said: HandshakeException: Received fatal alert: handshake_failure

So is there any way I can still use ASDM without enabling TLS 1.0/1.1? Many thanks.


Re: Cisco ASDM TLS issue

Make sure that your ASDM version supports your handshake version. Also, you need to upgrade your JRE to a supported version.

Also, you may want to have the Java Cryptography Extension:

https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

See this post for more details

https://community.cisco.com/t5/security-analytics-and/asdm-aes-256-not-supported/td-p/2790184

**** remember to rate useful posts
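
A way to check the JRE side of the advice above, as an added example that is not part of the original thread or Cisco/Oracle code: it reports whether the local JRE enables TLS 1.2 and can offer AES-256 cipher suites. It assumes the ASA's `high` cipher level requires AES-256 suites, as the linked post's title suggests; the class name `JreTlsCheck` is hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class JreTlsCheck {
    // True when the given protocol name (e.g. "TLSv1.2") is in the parameter set.
    static boolean hasProtocol(SSLParameters p, String protocol) {
        return Arrays.asList(p.getProtocols()).contains(protocol);
    }

    // Cipher suites in the parameter set that use 256-bit AES.
    static List<String> aes256Suites(SSLParameters p) {
        List<String> found = new ArrayList<>();
        for (String suite : p.getCipherSuites()) {
            if (suite.contains("AES_256")) found.add(suite);
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        // 128 means the limited-strength policy files are active;
        // Integer.MAX_VALUE means unlimited-strength crypto is allowed.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        List<String> suites = aes256Suites(enabled);

        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("TLSv1.2 supported  : " + hasProtocol(supported, "TLSv1.2"));
        System.out.println("TLSv1.2 enabled    : " + hasProtocol(enabled, "TLSv1.2"));
        System.out.println("Max AES key length : "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));
        System.out.println("AES-256 suites     : " + suites.size());
        for (String s : suites) System.out.println("  " + s);
        if (!hasProtocol(enabled, "TLSv1.2")) {
            System.out.println("RESULT: TLS 1.2 is not enabled by default in this JRE; upgrade it.");
        } else if (maxAes < 256 || suites.isEmpty()) {
            System.out.println("RESULT: no AES-256 suites; install the JCE unlimited policy or upgrade.");
        } else {
            System.out.println("RESULT: this JRE can offer TLS 1.2 with AES-256 suites.");
        }
    }
}
```

Compile and run it with the same JRE that launches ASDM, since a different Java installation on the machine may report different results.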