ASA5512 to 9.5 (2) Upgrade issue with ASDM

ida71
Level 1

This is an FYI.

I had an issue with ASDM when upgrading a couple of ASA5512 firewalls to 9.5(2) code.
I upgraded the ASDM image to 7.5(2) first and reconnected; all was well.
I then upgraded the ASA image to v9.5(2), set it as the boot image and rebooted. The firewall came back, and all services through it were fine, including VPNs.
But I could NOT reconnect to the FW via ASDM. I still had SSH access.
ASDM launched to just past login and then errored with "could not connect to device manager".

A bit of digging revealed that the SSL Encryption command has been deprecated in this version and replaced with the SSL Cipher command.
Running "sh run | inc ssl" reveals the default SSL Cipher commands entered in place of the SSL Encryption command.
They are all custom configs with a limited list of algorithms. These do NOT include support for TLSv1.2, which is required for ASDM access.

To fix this issue, add one of the following commands to the SSL Cipher config:
ssl cipher tlsv1.2 all (for any algorithm, whether secure or not)
ssl cipher tlsv1.2 custom "add the algorithms you want support in these quotes" (or copy the limited list from the sh run above)

This will restore access via ASDM.
As another FYI, Cisco includes support for TLSv1 in the default SSL Cipher commands. This should no longer be in use, AFAIK, so you may want to "no" that command out.

Hope this helps others

CW
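As an added example (not part of ida71's post and not a Cisco tool), here is a small Python audit of the "sh run | inc ssl" output the post describes. It parses each "ssl cipher <version> <level> ["suites"]" line, flags suites a reviewer would not want offered to ASDM clients, and builds the two remediation lines the post recommends: an "ssl cipher tlsv1.2 custom" entry copied from the migrated list (falling back to "ssl cipher tlsv1.2 all" when there is no custom list to copy) and the "no" form of the tlsv1 line. The sample output below is constructed to look like a migrated 9.5(2) config; it is an assumption, not output copied from a real ASA, and the suite names and the exact migrated lines on your box may differ.

```python
import re
from typing import Dict, List

# Constructed sample of what "sh run | inc ssl" might show on an ASA 5512 right
# after the 9.5(2) upgrade migrated the old "ssl encryption" line. This is an
# assumed example, not output copied from a real device.
SAMPLE_SHOW_RUN = """\
ssl cipher default custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"
ssl cipher tlsv1.1 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"
"""

# "ssl cipher <version> <level> ["suite:suite:..."]"; the quoted list is only
# present when the level is "custom".
SSL_CIPHER_RE = re.compile(
    r'^\s*ssl cipher (?P<ver>\S+)\s+(?P<level>\S+)(?:\s+"(?P<suites>[^"]*)")?\s*$'
)

# Suite-name fragments that mark a cipher a reviewer would not offer to ASDM.
WEAK_MARKERS = ("NULL", "RC4", "MD5", "DES-CBC3", "EXP")


def parse_ssl_cipher(show_run: str) -> Dict[str, dict]:
    """Map each protocol version to its cipher level, suite list and raw line."""
    config: Dict[str, dict] = {}
    for line in show_run.splitlines():
        m = SSL_CIPHER_RE.match(line)
        if not m:
            continue
        suites = m.group("suites").split(":") if m.group("suites") else []
        config[m.group("ver")] = {
            "level": m.group("level"),
            "suites": suites,
            "raw": line.strip(),
        }
    return config


def weak_suites(suites: List[str]) -> List[str]:
    """Return the suites in the list that match a weak-cipher marker."""
    return [s for s in suites if any(marker in s for marker in WEAK_MARKERS)]


def remediation(config: Dict[str, dict], drop_tlsv1: bool = True) -> List[str]:
    """Build the CLI lines the post recommends for this config.

    - If no tlsv1.2 entry exists, add one. Copy the custom suite list from the
      "default" entry when there is one (the post's second option); otherwise
      fall back to "all" (the post's first option).
    - If drop_tlsv1 is set and a tlsv1 entry exists, emit its "no" form.
    """
    cmds: List[str] = []
    if "tlsv1.2" not in config:
        base = config.get("default")
        if base and base["level"] == "custom" and base["suites"]:
            cmds.append('ssl cipher tlsv1.2 custom "%s"' % ":".join(base["suites"]))
        else:
            cmds.append("ssl cipher tlsv1.2 all")
    if drop_tlsv1 and "tlsv1" in config:
        cmds.append("no " + config["tlsv1"]["raw"])
    return cmds


if __name__ == "__main__":
    cfg = parse_ssl_cipher(SAMPLE_SHOW_RUN)
    for ver, entry in cfg.items():
        print(f"{ver:8s} level={entry['level']:7s} weak={weak_suites(entry['suites'])}")
    print("Suggested commands:")
    for cmd in remediation(cfg):
        print("  " + cmd)
```

Paste the real "sh run | inc ssl" output into SAMPLE_SHOW_RUN (or feed it to parse_ssl_cipher from a file) and apply the printed lines from SSH, which the post notes still works when ASDM does not. Two caveats: the weak-suite list is my own choice, so copying a custom list that contains DES-CBC3-SHA (3DES) into the tlsv1.2 entry keeps that suite reachable over TLSv1.2 as well; and, as I read the ASA command reference, the "no" form of an "ssl cipher" line restores that version's default cipher set rather than refusing the protocol, so verify the effect from a second session before trusting it, especially given the reply below reporting that turning TLSv1/TLSv1.1 off broke something.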


Philip D'Ath
VIP Alumni

I've tried turning TLSv1 and TLSv1.1 off before and something broke - I think it was the ASDM.
