
Can not connect to ASDM by web browser

Hamid Amir
Level 1

Dear All, I am having a problem, because I have configured all steps to connect ASDM via web browser, but I cannot access ASDM for some reason. The error message and my configuration are below.

Can you help, please?

The connection for this site is not secure

192.168.10.1 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
 
My Configuration

ciscoasa# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 outside
ssl certificate-authentication fca-timeout 2

ciscoasa# sh run aaa
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

ciscoasa# sh run htt
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside

ciscoasa# sh asdm image
Device Manager image file, disk0:/asdm-7101.bin

 

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 24 perpetual
Total UC Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5505 Security Plus license.

Kind Regards

 

 

1 Accepted Solution

@Hamid Amir you need to determine if you can enable TLS 1.0/1.1 on the web browser you are using. As I said TLS 1.0/1.1 is no longer supported in the majority of web browsers, since 2020. https://support.mozilla.org/en-US/questions/1290040

 

12 Replies

ssl cipher <tls version> all

Check this command.

Hi

ciscoasa# show ssl
Accept connections using SSLv2 or greater and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or greater
Enabled cipher order: 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

SSL trust-points:
inside interface: ASDM_Launcher_Access_TrustPoint_0
outside interface: ASDM_Launcher_Access_TrustPoint_0
Certificate authentication is not enabled

The ASA accepts SSLv2 or greater, so can you change the browser to use SSLv2 or SSLv3?

SSLv2 and v3 have long been deprecated in web browsers; TLS 1.2 is the minimum.

Hi,

Thank You for your reply.

SSL 3.0 is enabled, but I cannot see SSL 2.0 in the list.

Kind Regards

 

@Hamid Amir most if not all web browsers no longer support TLS 1.0/1.1, your ASA 5505 software version probably doesn't support TLS 1.2 - hence the error you receive. I believe TLS 1.2 is supported from ASA version 9.3, the latest version supported by the 5505 is ASA 9.2. So you'd either have to force the web browser to support TLS 1.0/1.1 or replace the hardware.

The ASA 5505 is so old, I recommend replacing the hardware, the FPR1010 would be a suitable replacement - https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html
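
As an added example (not part of any post in this thread and not Cisco code), the following Python script parses the `show ssl` output quoted above and checks it against a client minimum of TLS 1.2, the floor stated in the replies. The names `audit`, `ORDER` and `WEAK` are assumptions made for the illustration; the sample text is constructed from the lines posted here.

```python
import re

# Protocol versions in ascending order (assumed ordering for comparison).
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Why each legacy cipher name seen in the thread's output is a finding.
WEAK = {
    "des-sha1": "56-bit DES key",
    "rc4-md5": "RC4 (prohibited in TLS by RFC 7465) with an MD5 MAC",
    "3des-sha1": "64-bit block cipher, exposed to birthday-bound collisions",
}

# Constructed sample: the `show ssl` lines posted in this thread.
SHOW_SSL = """\
Accept connections using SSLv2 or greater and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or greater
Enabled cipher order: 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
"""


def audit(show_ssl: str, client_min: str = "TLSv1.2") -> dict:
    """Compare what the ASA server side negotiates with a client's minimum version."""
    server_versions, ciphers = [], []
    for raw in show_ssl.splitlines():
        line = raw.strip()
        m = re.match(r"Accept connections using .* negotiate to (.+)", line)
        if m:
            # "SSLv3 or TLSv1" -> ["SSLv3", "TLSv1"]
            server_versions = re.findall(r"(?:SSL|TLS)v\d(?:\.\d)?", m.group(1))
        m = re.match(r"Enabled cipher order:\s*(.+)", line)
        if m:
            ciphers = m.group(1).split()
    floor = ORDER.index(client_min)
    # Versions the server negotiates that are at or above the client's floor.
    common = [v for v in server_versions if v in ORDER and ORDER.index(v) >= floor]
    return {
        "server_versions": server_versions,
        "common_versions": common,
        "handshake_possible": bool(common),
        "weak_ciphers": {c: WEAK[c] for c in ciphers if c in WEAK},
    }


if __name__ == "__main__":
    for key, value in audit(SHOW_SSL).items():
        print(f"{key}: {value}")
```

An empty `common_versions` list is the condition the browser reports as `ERR_SSL_VERSION_OR_CIPHER_MISMATCH`; passing `client_min="TLSv1"` models a client that has been configured to allow the legacy protocol.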

 

Hi Rob,

Thank you for your reply.

I can access the ASDM application after I deleted TLSv1.1 from the Java security file and added deployment.security.TLSv1=true to deployment.properties, but I cannot access it via web browser.


Hi Rob,

I just replaced my broken ASA 5505 and the browser was working.

Best Regards

Hi

It has been resolved by the "Make legacy sites work in Microsoft Edge" option in the Default browser setting.

Thank you very much for your help.

Kind Regards

 

Hi Hamid,

Could you tell me how to make Edge accept old sites? I have the same problem...

Hi Nelson,

Go to Settings in Edge, click on Default browser in the left-hand bar, and then choose to allow and add the IP address in "Make legacy sites work in Microsoft Edge".
