cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1614
Views
24
Helpful
13
Replies

ASDM Problems

caioamonteiro
Beginner
Beginner

Hi everone,

I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.

Any idea?

Regards.             

2 Accepted Solutions

Accepted Solutions

Hi Caio,

Apart from checking the Java version, you do necessarily need to add these on the ASA:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

and

crypto key rsa generate modulus 1024

It should work after this.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

View solution in original post

Hello Caio,

Please add the following command, this should do it

ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Rate all the helpful post

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

13 Replies 13

varrao
Advocate
Advocate

Hi Caio,

Can you please share an output of:

show run asdm

show run http

show crypto key mypubkey rsa

show run all ssl

You can also follow this doc for troubleshooting:

https://supportforums.cisco.com/docs/DOC-15016

Hope this helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Hi Varun,

sh run http:

http server enable

http 192.168.1.0 255.255.255.0 management

sh run all ssl:

ssl server-version any

ssl client-version any

ssl encryption des-sha1

The other two return nothing.

Thanks!

Marvin Rhoads
Hall of Fame
Hall of Fame

I assume you are plugged directly into the Mgmt Ethernet port and getting a DHCP address from the ASA (or have manually assigned yourself one in the 192.168.1.0/24 network).

Can you check the output (from console) of "show activation-key"? Look for the 3DES/AES license to be active.

I have seen issue with updated browsers not working with ASDM due to the encryption expected by the browser's security settings not being active on the ASA. It is a free upgrade - go to www.cisco.com/go/licensing to get an activation key for 3DES/AES.

Hi Marvin

VPN-3DES-AES                   : Disabled

Is this one?

Thanks!

Hi Caio,

Yes, as correctly mentioned by Marvin, you would need a 3DES license for it, but its not an issue, you can generate free license from  this site:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Hi,

Thanks for helping. I added the license but the problem keeps happening.

Then  can you please share teh outputs I requested

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Sorry, I replied this on your post. Here goes again:

Hi Varun,

sh run http:

http server enable

http 192.168.1.0 255.255.255.0 management

sh run all ssl:

ssl server-version any

ssl client-version any

ssl encryption des-sha1

The other two return nothing.

Thanks!

Hi Bro

Do you have the latest java version from www.java.com installed on your workstation that's directly connected to the Management 0/0 interface? Furthermore, please do remove the proxy settings in your Internet Browser. Is this issue happening to all workstations when trying to access the ASDM or only your workstation?

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi,

Going to try other CPU and updating my Java.

Thanks for the tip!

Hi Caio,

Apart from checking the Java version, you do necessarily need to add these on the ASA:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

and

crypto key rsa generate modulus 1024

It should work after this.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Hello Caio,

Please add the following command, this should do it

ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Rate all the helpful post

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

caioamonteiro
Beginner
Beginner

Thanks Varun and jcarvaja!

Both answers correct.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: