10-04-2013 03:31 AM - edited 03-11-2019 07:47 PM
Hi, I have been using an ASA5505 firewall for a few days. It is completely new, running ASA version 8.4(2) and ASDM version 6.4(9). I loaded the basic config with the commands "conf t" and "Factory default-config."
Now I want to connect to this firewall, but I cannot, because it always says it is unable to connect to the firewall. My IP settings are as follows: IP address 192.168.1.6, subnet 255.255.255.0, gateway 192.168.1.1. How can I connect, or what am I doing wrong?
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: object network obj_any
Executing command: subnet 0.0.0.0 0.0.0.0
Executing command: nat (inside,outside) dynamic interface
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.1.5-192.168.1.36 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)# wr
Building configuration...
Cryptochecksum: ee2b2e47 c2886bf3 b45f3afb bccbfb1e
10-04-2013 07:55 AM
Please provide output of "show ssl". You may need to add strong cipher support.
10-04-2013 02:25 PM
I have the same issue with connecting to ASDM via Windows 8.
I have found that I can connect with Windows XP, but my new laptop is 8 Pro and this is the second new ASA I have installed recently that will not allow me to connect to the ASDM. This one is 6.4.5.
10-04-2013 02:29 PM
Newer browsers do not allow you to connect to SSL servers running weak encryption algorithms (e.g. des).
Last year Cisco started turning off the strong algorithms (aes and 3des) by default on ASAs.
You can check using the command I suggested above.
10-04-2013 02:46 PM
When I run that I get the following.
ciscoasa# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
What should I change?
Thanks.
10-04-2013 02:50 PM
Yep - note the section that says the only enabled cipher is des-sha1.
Fix it by:
conf t
ssl encryption aes128-sha1 aes256-sha1 3des-sha1
exit
wr mem
Then re-check ASDM.
10-04-2013 02:52 PM
Thanks. I found it and I am now downloading the free license to enable it as it baulked when I ran that command.
10-04-2013 02:54 PM
Ah yes, as you note the (free) 3DES-AES license needs to be active to use strong encryption.
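As an added example (not part of any post in this thread, and not Cisco code): a short Python check that parses `show ssl` output like the one pasted above, flags the weak enabled ciphers, and builds the `ssl encryption` line from the strong ciphers the device lists. The function names and the grouping (AES and 3DES strong, everything else weak) are assumptions taken from the replies above.

```python
import re

# Grouping follows the thread: AES and 3DES are "strong"; anything else
# the ASA lists (des, rc4, null) is treated as weak here (assumption).
STRONG = ("aes128-sha1", "aes256-sha1", "3des-sha1")

# `show ssl` output as pasted in the thread (factory-default ASA 5505).
SAMPLE = """\
ciscoasa# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
"""

def parse_show_ssl(text):
    """Return {'enabled': [...], 'disabled': [...]} from `show ssl` output."""
    fields = {"enabled": [], "disabled": []}
    for line in text.splitlines():
        m = re.match(r"\s*(Enabled cipher order|Disabled ciphers):\s*(.*)$", line)
        if m:
            key = "enabled" if m.group(1).startswith("Enabled") else "disabled"
            fields[key] = m.group(2).split()
    return fields

def audit(text):
    """Report strong/weak enabled ciphers and the config line that fixes them."""
    ciphers = parse_show_ssl(text)
    known = ciphers["enabled"] + ciphers["disabled"]
    if not known:
        raise ValueError("no cipher lines found; is this `show ssl` output?")
    strong_on = [c for c in ciphers["enabled"] if c in STRONG]
    weak_on = [c for c in ciphers["enabled"] if c not in STRONG]
    # Only suggest strong ciphers this device actually lists, in STRONG order.
    wanted = [c for c in STRONG if c in known]
    fix = None
    if wanted and (weak_on or not strong_on):
        fix = "ssl encryption " + " ".join(wanted)
    return {"strong_enabled": strong_on, "weak_enabled": weak_on, "fix": fix}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

As the last replies note, the ASA rejects the suggested line until the 3DES-AES license is active, so a non-empty `fix` is a starting point rather than a guarantee.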