ASA Setup HELP - SSL

woodjl1650
Level 1

I am trying to set up SSL so I can manage my ASA via any internet browser on my network. I am new to the Cisco world, but I think I have most of it down. When I try to log into the ASA via Firefox I get:

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Below is my current config (I have a lot of extra info that populates every time I enter a command, not sure what I turned on, but if you have a fix to clear that as well, I would appreciate it).

ASA Version 8.2(3)wn coldstart' comm

!d

hostname Wood-ASA1-if

%ASA-5-111008:

domain-name lv.cox.net the 'inspect ip-optio

enable password 8Ry2YjIyt7RRXU24 encrypted8cb69fe 20cfb60adisk0:/asa823.bin      

%

passwd 2KFQnbNIdI.2KYOU encrypteded the 'service-policy global_pol

namesobal'

!a

interface Ethernet0/0in        ^         

switchport access vlan 2%ASA-5-

command.ser 'Con

!S

interface Ethernet0/1ig' executed the 'pro

!t

interface Ethernet0/2mand.tics access-lirv

!-

interface Ethernet0/3 securi

rd DfltAccess

!l

interface Etherne              

interface Vlan1ecuted the 'pro

nameif inside' command.omma

security-level 100

%ASA-5-111008: Use

ip address 192.168.1.1 255.255.255.01008: User 'Config' executed the 'no

!t

interface Vlan2 the '

%ASA-5-1

nameif outsidefig' executed t

security-level 0-5-111008: User '

ip address dhcp setrouteination address http http

!/

boot system disk0:/asa823-k8.bing' executed the 'class-map inspe

boot config disk0:/asa823.binom/its/service/oddce/services

ftp mode passivemand. User 'Conf

dns server-group DefaultDNS User 'Config' execut

%ASA-

domain-name lv.cox.netexecuted the 'destinati

object-group icmp-type ICMP-INBOUNDation linkup linkdown coldstart' co

description Permit necessary inbound ICMP trafficand.'policy-map type

%ASA-5-111008: User 'Config'

icmp-object echo-replyon transport-method htt

icmp-object unreachable

s_map' command.t

icmp-object t            

%ASA-

logging buffered warningsecuted the 'subscribe-to-

logging asdm notificationsxecuted t

%ASA-5-111008: U

mtu inside 1500cuted the 'poli

mtu outside 1500ct

riodic month

icmp unreachable rate-limit 1 burst-size 1-111008: User 'Config' executed the 'subsc

asdm image disk0:/asdm-625.bino5-111008: User 'Config' execu

no asdm history enablemmand.outside' command

arp timeout 14400monthly' command.

nat-control

%ASA-5-111

global (outside) 1 interfacenfig' executed the 'subscrib

nat (inside) 1 0.0.0.0 0.0.0.0andasa# threat-detec

d.n

%ASA

access-group INBOUND in interface outside08: Us

riodic daily' command.e          

timeout xlate 3:             

aaa authentication ssh console LOCALe Ethernet0/5, changed state to admi

http server enableas

%ASA-5-111008:

http 192.168.1.0 255.255.255.0 inside' executed the

%ASA-4-411003: Interfa

no snmp-server locationstate to administra con

no snmp-server contact                     

telnet timeout 5# nat-contr

%ASA

ssh 0.0.0.0 0.0.0.0 insideec

%ASA-4-411001: Line pro

ssh 0.0.0.0 0.0.0.0 outside/3, changed state to upomma

ssh timeout 5SA-5-111

%ASA

console timeout 0onfig' executed t

dhcpd dns 8.8.8.8 8.8.4.4ne protocol on Interface

dhcpd auto_config outside to ups_map' com

%ASA-5-1

!0

dhcpd address 192.168.1.2-192.168.1.33 insideommand

enableR: % I

Password:SA-5-1110

Wood-A

dhcpd dns 8.8.8.8 8.8.4.4 interface inside: Uname: enable_15 From: 1 To:pect netbios

dhcpd enable insidescoas

%ASA-5-111008

!U

threat-detection basic-threat%ASA-5-111008: User 'enable_1

threat-detection statistics acce

.0.0.0 0.0.0.        

parametersprompt host

  message-length maximum client auto1008: User 'enable_15' executed the

  message-length maximum 512A-5-111008: User 'Config' ex

policy-map type inspect dns prsent_dns_map 0/0' command. executed the 'inspe

no shut

parametersA-5

Wood-AS

  message-length maximum 512 Interface Ethernet0/0, chan

policy-map global_policyg' executed the 'inspect

class inspection_defaultA-5-111008: User 'Con

ini

  inspect dns preset_dns_map

%ASA-5-111008: User 'enable

  inspect ftpthe 'no shutd

  inspect h323 h225111008: User 'Confi

  inspect h323 rasstination address

  inspect rsh1001: Line pr

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DD

CEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:c3a35118ab34143a5e73e414ead343c1

3 Replies

Maykol Rojas
Cisco Employee

Hi,

When you say setting up SSL, the concept is too big; it can mean SSLVPN, WebVPN, ASDM, etc. Are you trying to set up ASDM to manage your device, or are you trying to configure a VPN AnyConnect so you can manage your device?

Thanks!

Mike


SSL VPN and VPN anyconnect

Hi,

It would be better if you move the case to the VPN forum, they will assist you better. On your configuration, I cannot see anything configured yet. Here is a guide that you can follow:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html

Mike
