cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
900
Views
0
Helpful
7
Replies

Access to my ASDM ASA5505

Brainority
Level 1
Level 1

Hi I have been using a few days the firewall ASA5505 they've completely put new, the ASA Version 8.4 (2) have been playing and the ASDM version 6.4 (9). I have the Basic Config loaded with the command "conf t" and "Facorty default-config."

Now I want to connect to this firewall, but this is not because he always says he unable to connect to the firewall. The IP settings I have the following: IP address 192.168.1.6 Subnet: 255.255.255.0 Gateway: 192.168.1.1. How can I connect to or what I'm doing wrong?

Executing command: interface Ethernet 0/0

Executing command: switchport access vlan 2

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/1

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/2

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/3

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/4

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/5

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/6

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/7

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface vlan2

Executing command: nameif outside

INFO: Security level for "outside" set to 0 by default.

Executing command: no shutdown

Executing command: ip address dhcp setroute

Executing command: exit

Executing command: interface vlan1

Executing command: nameif inside

INFO: Security level for "inside" set to 100 by default.

Executing command: ip address 192.168.1.1 255.255.255.0

Executing command: security-level 100

Executing command: allow-ssc-mgmt

ERROR: SSC card is not available

Executing command: no shutdown

Executing command: exit

Executing command: object network obj_any

Executing command: subnet 0.0.0.0 0.0.0.0

Executing command: nat (inside,outside) dynamic interface

Executing command: exit

Executing command: http server enable

Executing command: http 192.168.1.0 255.255.255.0 inside

Executing command: dhcpd address 192.168.1.5-192.168.1.36 inside

Executing command: dhcpd auto_config outside

Executing command: dhcpd enable inside

Executing command: logging asdm informational

Factory-default configuration is completed

ciscoasa(config)#  wr

Building configuration...

Cryptochecksum: ee2b2e47 c2886bf3 b45f3afb bccbfb1e

7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

Please provide output of "show ssl". You may need to add strong cipher support.

Reference.

I have the same issue with connecting to ASDM via Windows 8.

I have found that I can connect with Windows XP, but my new laptop is 8 Pro and this is the second new ASA I have installed recently that will not allow me to connect to the ASDM. This one is 6.4.5.

Newer browsers do not allow you to connect to SSL servers running weak encyption algorithms (e.g. des).

Last year Cisco started turning off the strong algorithms (aes and 3des) by default on ASAs.

You can check using the command I suggested above.

When I run that I get the following.

ciscoasa# show ssl

Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1

Start connections using SSLv3 and negotiate to SSLv3 or TLSv1

Enabled cipher order: des-sha1

Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1

No SSL trust-points configured

Certificate authentication is not enabled

What should I change?

Thanks.

Yep - note the section that says the only enabled cipher is des-sha1.

Fix it by:

conf t
     ssl encryption aes128-sha1 aes256-sha1 3des-sha1
     exit
wr mem

Then re-check ASDM.

Thanks. I found it and I am now downloading the free license to enable it as it baulked when I ran that command.

Ah yes, as you note the (free) 3DES-AES license needs to be active to use strong encryption.

Review Cisco Networking for a $25 gift card