ASA 5550 and ASDM

MataKiera
Level 1

Hello,

I have an ASA 5550 with 9.1(2) IOS and ASDM 7.1.

The problem is connecting to this ASA with ASDM and connecting to https. I tried everything I know.

I downgraded Java and triple-checked my configuration and even erased the whole configuration and restarted.

I set these things:

Host name

Domain name

user name and password

password enable

the interface

http server enable

http ip address that can access it

clock

ssh ip address that can access it (which works using the same ip address as for the http)

When I start the ASDM and click connect and then look at the Java debug in the ASDM, I see that there is a critical error: handshake failed and connection lost.

I can ping the ASA and connect via ssh.

The firewall works great, but I can't access https or connect to it using the ASDM. I have another ASA 5510 with the same IOS and ASDM that I configured exactly the same, and the ASDM works.

5 Replies

mvsheik123
Level 7

I understand you have working 5510, but can you cross check with the below config (security level does not matter).

https://supportforums.cisco.com/docs/DOC-24877

Thx

MS

Luis Silva Benavides
Cisco Employee

Hi Tomaz,

Could you please double-check whether you have the 3DES license? If you do, issue the command sh run all ssl; you should see a large list of hash/encryption algorithms. If you just see a few, issue the command clear config ssl.

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html


Marvin Rhoads
Hall of Fame

Luis's suggestions are on the mark. I would check your 3DES-AES license and then look for ssl lines in the configuration to include strong encryption algorithms. Newer ASAs have been shipping without that enabled by default - e.g., "ssl encryption aes256-sha1 aes128-sha1"

OK, I checked for 3DES-AES and it is on.

I checked with the config and it's correctly configured.

Yes, I have opened the network with the http command.

I was so frustrated that I went and downgraded my ASA from 9.1(2) to 8.0(4) with the current running config. After the downgrade the ASDM works like a charm, and I can open the https.

I will have to take my time and debug this ASA and IOS for bugs.

Thx for all of your help.

Tomaz

Antonio Simoes
Level 1

Hi Tomaz,

Post the part of your ASA config related to this issue, man.

That can be many things.

Can you ping the ASA from the network that you are trying to access it from?

Have you opened the network with the http command to access the ASA?

Ex: http 192.168.10.0 255.255.255.0 inside

Regards,

AS
