04-20-2015 04:43 AM - edited 03-11-2019 10:48 PM
Hi guys,
I've configured a 5512 ASA that sits on the edge of our network as per attached document.
I can access the outside interface from within the LAN. However, when I use a public internet connection, I'm not able to access the outside interface nor can I ping it even though I've allowed it in the ACL.
Will you be kind enough to have a look and see if I've missed anything please?
I've omitted irrelevant configs and changed the IP addresses so they do not reflect the real live environment.
04-20-2015 05:24 AM
What error message are you seeing? When you say you can't connect, how are you trying to connect? Are you running the ASDM launcher or just via web browser?
Try this command below too?
aaa authentication http console LOCAL
04-20-2015 06:14 AM
Hi,
Run the debug command when you are trying to access via the browser, and share the output:
debug http 255
Also, try adding the command aaa authentication http console LOCAL.
Can you ping the host on the internet from the firewall?
04-21-2015 04:00 AM
Hi,
Many thanks for your reply.
I've added the aaa command and I can access the FW external interface using ASDM from the Public Internet. I still cannot https into it though.
The error I get is:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I looked at this and changed the SSL version to 3 in Chrome, but this didn't fix the issue.
Debug output didn't display any entries other than the idle one.
Looked into the SSL version on the firewall and found:
PUBLIC-ASA-Router# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 dhe-aes128-sha1 dhe-aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
Googled this and found this command:
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
And all is working fine now.
:)
Many thanks for your help and support guys.
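The `sh ssl` output in the post above explains the browser error: des-sha1 was the only enabled cipher, and the fix was to enable the AES and 3DES suites. As an added example (not part of the original thread), this Python script parses that output and flags the condition; the weak-cipher set and the function names are this example's assumptions.

```python
import re

# Cipher names as printed by `sh ssl` on the page; the weak set is this example's assumption.
WEAK = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}

# Sample input: the `sh ssl` output quoted in the post above.
SAMPLE = """\
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 dhe-aes128-sha1 dhe-aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
"""

def parse_show_ssl(text):
    """Return enabled/disabled cipher lists and accepted protocol versions."""
    cfg = {"enabled": [], "disabled": [], "accepts": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Enabled cipher order:"):
            cfg["enabled"] = line.split(":", 1)[1].split()
        elif line.startswith("Disabled ciphers:"):
            cfg["disabled"] = line.split(":", 1)[1].split()
        elif line.startswith("Accept connections using"):
            accept_part = line.split(" and negotiate", 1)[0]
            cfg["accepts"] = re.findall(r"(?:SSL|TLS)v[\d.]+", accept_part)
    return cfg

def audit(cfg):
    findings = []
    enabled = cfg["enabled"]
    weak = [c for c in enabled if c in WEAK]
    if not enabled:
        findings.append("no ciphers enabled")
    elif len(weak) == len(enabled):
        findings.append("only weak ciphers enabled: " + ", ".join(weak))
    elif weak:
        findings.append("weak ciphers still enabled: " + ", ".join(weak))
    legacy = [p for p in cfg["accepts"] if p in LEGACY_PROTOCOLS]
    if legacy:
        findings.append("legacy protocol versions accepted: " + ", ".join(legacy))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show_ssl(SAMPLE)):
        print("FINDING:", finding)
```

Run against the output as posted, it reports both the DES-only cipher list and the accepted SSLv2/SSLv3 versions; with the cipher order from the `ssl encryption` command in the post, only the protocol finding remains.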