08-22-2012 06:25 AM - edited 03-11-2019 04:45 PM
Hi everone,
I recently bought an all brand new ASA 5510 and it is here by my side. I'm trying to configure it but when entering https://192.168.1.1/admin I get Page Not Found error on IE. I'm able to ping 192.168.1.1 and have success telnet 443 port.
Any idea?
Regards.
Solved! Go to Solution.
08-22-2012 11:23 AM
Hi Caio,
Apart from checking the Java version, you do necessarily need to add these on the ASA:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
and
crypto key rsa generate modulus 1024
It should work after this.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 11:26 AM
Hello Caio,
Please add the following command, this should do it
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Rate all the helpful post
Julio
08-22-2012 06:39 AM
Hi Caio,
Can you please share an output of:
show run asdm
show run http
show crypto key mypubkey rsa
show run all ssl
You can also follow this doc for troubleshooting:
https://supportforums.cisco.com/docs/DOC-15016
Hope this helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:04 AM
Hi Varun,
sh run http:
http server enable
http 192.168.1.0 255.255.255.0 management
sh run all ssl:
ssl server-version any
ssl client-version any
ssl encryption des-sha1
The other two return nothing.
Thanks!
08-22-2012 06:42 AM
I assume you are plugged directly into the Mgmt Ethernet port and getting a DHCP address from the ASA (or have manually assigned yourself one in the 192.168.1.0/24 network).
Can you check the output (from console) of "show activation-key"? Look for the 3DES/AES license to be active.
I have seen issue with updated browsers not working with ASDM due to the encryption expected by the browser's security settings not being active on the ASA. It is a free upgrade - go to www.cisco.com/go/licensing to get an activation key for 3DES/AES.
08-22-2012 07:00 AM
Hi Marvin
VPN-3DES-AES : Disabled
Is this one?
Thanks!
08-22-2012 07:27 AM
Hi Caio,
Yes, as correctly mentioned by Marvin, you would need a 3DES license for it, but its not an issue, you can generate free license from this site:
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:45 AM
Hi,
Thanks for helping. I added the license but the problem keeps happening.
08-22-2012 07:47 AM
Then can you please share teh outputs I requested
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 07:54 AM
Sorry, I replied this on your post. Here goes again:
Hi Varun,
sh run http:
http server enable
http 192.168.1.0 255.255.255.0 management
sh run all ssl:
ssl server-version any
ssl client-version any
ssl encryption des-sha1
The other two return nothing.
Thanks!
08-22-2012 10:35 AM
Hi Bro
Do you have the latest java version from www.java.com installed on your workstation that's directly connected to the Management 0/0 interface? Furthermore, please do remove the proxy settings in your Internet Browser. Is this issue happening to all workstations when trying to access the ASDM or only your workstation?
08-22-2012 10:49 AM
Hi,
Going to try other CPU and updating my Java.
Thanks for the tip!
08-22-2012 11:23 AM
Hi Caio,
Apart from checking the Java version, you do necessarily need to add these on the ASA:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
and
crypto key rsa generate modulus 1024
It should work after this.
Thanks,
Varun Rao
Security Team,
Cisco TAC
08-22-2012 11:26 AM
Hello Caio,
Please add the following command, this should do it
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Rate all the helpful post
Julio
08-23-2012 04:58 AM
Thanks Varun and jcarvaja!
Both answers correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide