Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2738
Views
15
Helpful
8
Replies

ASA 5506x access https

abojorquez
Level 1
Level 1

‎08-11-2017 01:17 AM - edited ‎02-21-2020 06:13 AM

I have a problema with the  web access to my ASA5506x 

ssl_error_no_cypher_overlap

I dont have web access 

1 person had this problem
0 Helpful
8 Replies 8

B.kablawi90
Level 1
Level 1

‎08-11-2017 03:55 AM

This error means, you are unable to communicate securely with device: no common encryption algorithm

You need to get the 3des license. Once you get the activation key configure it on your device.

"conft

activation-key

wr mem"

then add it yo your ASAM then add it yo your ASAM

"config -- device management -- licenseing -- activation key"

You should active the key then enable the http service and finally configure

"ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1"

if you still unable to connect, clear all the connection to the IP of the device

"clear conn all x.x.x.x" and make "show asp table socket" to make sure.

Good luck

Dan Hilwory
Level 1
Level 1
In response to B.kablawi90

‎08-13-2017 08:24 AM

Thanks sir. It worked for me.

0 Helpful

E-MAK
Level 1
Level 1
In response to B.kablawi90

‎09-27-2017 07:51 AM

Hello ,
I'm newbie with cisco firewalls , for now i'm buying a ASA 5506-x and i have the same Problem
" ssl error no cypher overlap " .
Please if you have any tutorial it will be helpful .

Thanks you so much

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to E-MAK

‎09-27-2017 07:59 PM - edited ‎09-27-2017 08:00 PM

The procedure described by B.kablawi90 earlier in this thread is accurate. Have you tried that?

 

I would only add that you get the free 3DES-AES license from software.cisco.com under the "Traditional license" section.

 

A more detailed guide can be found below as well:

 

https://supportforums.cisco.com/t5/security-documents/asa-versions-image-names-and-licensing/ta-p/3126264#toc-hId--667791292

E-MAK
Level 1
Level 1
In response to Marvin Rhoads

‎09-28-2017 01:46 AM

Hi , 

Thank you so much for your feed back, 

no i don't try it , because i don't know how can i get the activation key / ASAM / active the key...
for your method , they show me The K9 , and i have ASA 5506-x K8 . 
you can see it in attached piece .

Preview file
23 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to E-MAK

‎09-28-2017 03:31 AM

ASA5500-ENCR-K9 is the correct license for you to request. Adding the "K9" license adds the strong encryption capability to the "K8" type of unit. That is the only difference between an ASA ordered with "K9" vs. "K8" in the part number.

 

Once you get that license and activate it using the instructions that Cisco sends you, you will be able to negotiate a common strong cipher between your client PC and your ASA.

0 Helpful

E-MAK
Level 1
Level 1
In response to Marvin Rhoads

‎09-28-2017 04:15 AM - edited ‎09-28-2017 04:17 AM

Hello ,
It Works ! 
i creat a license in a Cisco.com/go/license and put the activation key in my device then Reload device, And it's Fine .
Thank You so Much Sir . 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to E-MAK

‎09-28-2017 04:26 AM

You're welcome.

 

Please mark the reply as helful since it solved your issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card