05-06-2021 06:20 AM
LS,
after configuring a Cisco FP1010 running ASA software version 9.14(2) I get a warning when starting ASDM.
"You have HTTPS enabled on a non-management-only interface, and you have not enable the Encryption-3DES-AES license. If you configure a feature that can use strong encryption on this interface, then the Encryption-DES will be enforced on this interface. Your management connection to this interface will drop.
Enable the Encryption-3DES-AES license, or disable HTTPS on non-management-only interfaces. If your connection get dropped, then you can reconnect on a management-only interface or on an interface not configured for a strong encryption feature"
Although the message is (to some extend) very clear. The device does not have the 3DES-AES license. We do not want to install the license for 3DES-AES. It leaves me with some questions.
a) how to get rid of this warning?
b) Why do I get this warning (my feeling is that HTTP is only enable for the management interface, see below)?
c) What can trigger the described behavior (DES encryption and dropping the management connection)?
Our config contains the following lines to enable HTTP so I can use ASDM:
http server enable
http FIREWALL_WEB_CLIENT 255.255.255.255 mgnt
So for me this means http is enabled on the management-only interface and not on "non-management-only interfaces".
Regards,
TF
05-06-2021 06:41 AM
Why not install the 3DES-AES license?...there is no cost.
05-06-2021 06:43 AM
Export controls to certain countries (we use the switch in our product)
07-17-2023 02:47 AM
Did you get a response/fix to this?
07-17-2023 07:20 AM - edited 07-27-2023 01:44 AM
If you're interested in the answer, you have two options to get rid of the warning message: install the 3DES-AES license on the device, or disable HTTPS on non-management-only interfaces. While I was figuring out this system for my study project, I fell behind a little in my university studies. Therefore, I found the https://essays.edubirdie.com/engineering-assignment-help resource where they prepared my engineering task for me. I'm not worried about this subject because I know it well, I just didn't have time to do the work myself.
07-18-2023 12:13 AM
Hi Carl, enabling the 3DES-AES license is not an option due to export controls (see description).
Can you explain how to disable HTTPS on "non-management interfaces"?
I find the term "non-management-only" interfaces confusing? Any clue what it meant by this?
Regards, Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide