cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
0
Helpful
2
Replies
florianlocker
Beginner

ASDM 7.9(2) on ASA5506 doent work with Java7 U.67

I have a problem with a Windows Server 2003, Java 7 Update 67 and ASDM 7.9(2). When i start the IDM a "Certifikation Error" appears.

ASDM will start up using Java Web Start. For ASDM 7.3(1) and later, you will be prompted to follow the wizard to create a self-signed certficate. For earlier ASDM versions, follow the manual instructions to create a self-signed certificate.Would you like to continue with self-signed cert enrollment?

When i click "yes" a get an error. "Application coulnd't start". Only with the ASA 5506 can I got this error. 4 other ASA 5505 work this way.

 

Here config snippets from the 5506:

 

gw# sh run ssl
ssl cipher default custom "AES256-SHA:AES128-SHA"
ssl cipher tlsv1 custom "AES256-SHA:AES128-SHA"
ssl cipher tlsv1.1 custom "DHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA,AES256-SHA,AES128-SHA"
ssl cipher tlsv1.2 custom "DHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA,AES256-SHA,AES128-SHA"
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA"
ssl dh-group group24
ssl ecdh-group group21

gw# sh run http
http server enable 65443
http ***-INSIDE 255.255.255.0 inside
http *** 255.255.255.0 outside
http ***-INSIDE 255.255.255.0 inside
http ***-INSIDE 255.255.255.0 inside
http ***-INSIDE 255.255.255.0 inside
gw# sh run aaa
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history

 

It seems that the combination Windows Server 2003, the Java Version and the ASA5506 is a problem. I tested it with Win10 and 8 with new the latest Java Version their is no problem. We cant update this Win Server 2003 and java. The Installation closing without an error.

Has someone a workaround for my problem?

 

2 REPLIES 2
Ben Walters
Participant

I am guessing it is an SSL issue and settings that your old Java is trying to use.

 

If you check the logs when trying to connect it will tell you which TLS version you are using, and it might give you an idea on why it is failing. From there try adding in ciphers for that version of TLS and see if there is one that will work with your setup.

 

Additionally, you might want to try creating a self signed cert for the ASA and adding it to the trusted sites for Java. Hopefully this helps.

 

I don't have a similar setup to test on but it is usually the ciphers when dealing with old java and new ASDM or the other way around.

I tryed low ciphers earlier, but it doens't help. My next step was to create a certificate and import this into java. That doens't worked too.

We can use the ASDM with other computers and thats ok.