Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3626
Views
0
Helpful
5
Replies

ASDM Warning / ASA / 3DES-AES license / HTTPS on non-management-only interface

tom.fransen
Level 1
Level 1

‎05-06-2021 06:20 AM

LS,

 

after configuring a Cisco FP1010 running ASA software version 9.14(2) I get a warning when starting ASDM.

 

"You have HTTPS enabled on a non-management-only interface, and you have not enable the Encryption-3DES-AES license. If you configure a feature that can use strong encryption on this interface, then the Encryption-DES will be enforced on this interface. Your management connection to this interface will drop.

 

Enable the Encryption-3DES-AES license, or disable HTTPS on non-management-only interfaces. If your connection get dropped, then you can reconnect on a management-only interface or on an interface not configured for a strong encryption feature"

 

Although the message is (to some extend) very clear. The device does not have the 3DES-AES license.  We do not want to install the license for 3DES-AES. It leaves me with some questions.

 

a) how to get rid of this warning? 

b) Why do I get this warning (my feeling is that HTTP is only enable for the management interface, see below)?

c) What can trigger the described behavior (DES encryption and dropping the management connection)?

 

Our config contains the following lines to enable HTTP so I can use ASDM:

http server enable
http FIREWALL_WEB_CLIENT 255.255.255.255 mgnt

 

So for me this means http is enabled on the management-only interface and not on "non-management-only interfaces".

 

Regards,

TF

1 person had this problem
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎05-06-2021 06:41 AM

@tom.fransen 

Why not install the 3DES-AES license?...there is no cost.

0 Helpful

tom.fransen
Level 1
Level 1
In response to Rob Ingram

‎05-06-2021 06:43 AM

Export controls to certain countries (we use the switch in our product)

0 Helpful

asasasasasasasasasasasa
Level 1
Level 1

‎07-17-2023 02:47 AM

Did you get a response/fix to this?

 

0 Helpful

Carl Barker
Level 1
Level 1
In response to asasasasasasasasasasasa

‎07-17-2023 07:20 AM - edited ‎07-27-2023 01:44 AM

If you're interested in the answer, you have two options to get rid of the warning message: install the 3DES-AES license on the device, or disable HTTPS on non-management-only interfaces. While I was figuring out this system for my study project, I fell behind a little in my university studies. Therefore, I found the https://essays.edubirdie.com/engineering-assignment-help resource where they prepared my engineering task for me. I'm not worried about this subject because I know it well, I just didn't have time to do the work myself.

0 Helpful

tom.fransen
Level 1
Level 1
In response to Carl Barker

‎07-18-2023 12:13 AM

Hi Carl, enabling the 3DES-AES license is not an option due to export controls (see description).
Can you explain how to disable HTTPS on "non-management interfaces"?

I find the term "non-management-only" interfaces confusing? Any clue what it meant by this?

 

Regards, Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card