Access to ASA from outside

haidar_alm
Level 1

Hi guys,

I've configured a 5512 ASA that sits on the edge of our network as per attached document.

I can access the outside interface from within the LAN. However, when I use a public internet connection, I'm not able to access the outside interface nor can I ping it even though I've allowed it in the ACL.

Will you be kind enough to have a look and see if I've missed anything please?

 

I've omitted irrelevant configs and changed the IP addresses so as not to reflect the real live environment.

2 Accepted Solutions


Andre Neethling
Level 4

What error message are you seeing? When you say you can't connect, how are you trying to connect? Are you running the ASDM launcher or just via web browser?

Try this command below too?

aaa authentication http console LOCAL


shrising
Level 1

Hi,

Run the debug command when you are trying to access via the browser and share the output:

debug http 255

Also, try adding the command aaa authentication http console LOCAL.

Can you ping the host on the internet from the firewall?

Hi,

Many thanks for your reply.

I've added the aaa command and I can access the FW external interface using ASDM from the public Internet. I still cannot https into it though.
The error I get is:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I looked at this and changed the SSL version to 3 on Chrome, but this didn't fix the issue.

Debug output didn't display any entries other than the idle one.

Looked into the SSL version on the firewall and found:

PUBLIC-ASA-Router# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 dhe-aes128-sha1 dhe-aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled

Googled this and found this command:
ssl encryption aes256-sha1 aes128-sha1 3des-sha1

And all is working fine now.
:)

Many thanks for your help and support guys.
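
Added example, not part of the thread and not Cisco code: a Python check that parses `sh ssl` output in the format quoted above and reports why a browser refuses the handshake (only `des-sha1` enabled), along with the legacy protocol versions the ASA still accepts. The function names and the cipher classification are this example's assumptions.

```python
import re

# Constructed sample: the `sh ssl` output quoted in the post above.
SAMPLE = """\
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 dhe-aes128-sha1 dhe-aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
"""

# Classification below is this example's assumption, not a Cisco list.
BROKEN_PREFIXES = ("des-", "rc4-", "null-")   # single DES, RC4, no encryption
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}

def parse_show_ssl(text):
    """Extract accepted protocol versions and enabled/disabled cipher lists."""
    cfg = {"accept": [], "enabled": [], "disabled": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Accept connections using"):
            head = line.split(" and negotiate")[0]   # drop the negotiate clause
            cfg["accept"] = re.findall(r"(?:SSL|TLS)v[\d.]+", head)
        elif line.startswith("Enabled cipher order:"):
            cfg["enabled"] = line.split(":", 1)[1].split()
        elif line.startswith("Disabled ciphers:"):
            cfg["disabled"] = line.split(":", 1)[1].split()
    return cfg

def audit(cfg):
    """Return (code, detail) findings for a parsed `sh ssl` configuration."""
    findings = []
    broken = [c for c in cfg["enabled"] if c.startswith(BROKEN_PREFIXES)]
    usable = [c for c in cfg["enabled"] if c not in broken]
    legacy = [p for p in cfg["accept"] if p in LEGACY_PROTOCOLS]
    if broken:
        findings.append(("broken-cipher", "enabled: " + " ".join(broken)))
    if not usable:   # the condition behind ERR_SSL_VERSION_OR_CIPHER_MISMATCH
        findings.append(("no-usable-cipher", "browsers will refuse the handshake"))
    if legacy:
        findings.append(("legacy-protocol", "accepted: " + " ".join(legacy)))
    return findings

if __name__ == "__main__":
    for code, detail in audit(parse_show_ssl(SAMPLE)):
        print(f"{code}: {detail}")
```

Assuming the enabled-cipher line lists `aes256-sha1 aes128-sha1 3des-sha1` after the `ssl encryption` change, the two cipher findings clear and only the legacy-protocol finding remains.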

 

 

 
