Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
780
Views
5
Helpful
4
Replies

can not connect to my ASA 5505 with a https

Go to solution
iliass joudat
Level 1
Level 1

‎12-26-2014 12:44 PM - edited ‎03-11-2019 10:16 PM

hello everyone
I can not connect to my ASA 5505 with a https on Mozilla V34, knowing that-sha1 is enabled:
 
thank you

below the configuration:

hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.132 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to iliass joudat

‎12-29-2014 04:52 PM

You can get the 3DES-AES feature enabled by going to the self-service portal.

Choose the option to "Get Other Licenses" and then the option for "Crypto, IPS, other". In the popup window select security products and then you will have the option to select the 3DES-AES license. Select that and then "next". Provide your device serial number and you will be mailed an activation-key.

Activate the license with the command "activation-key <key string Cisco sends you>".

Once you have it active, make sure you have only strong ssl ciphers allowed by entering:

no ssl encryption des-sha1

ssl encryption aes128-sha1 aes256-sha1 3des-sha1

...in config mode.

 

 

View solution in original post

4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-26-2014 02:11 PM

Does your 5505 have the (free but required) 3DES-AES license installed? Please verify that (show activation-key") and remedy if needed.

Do you have an asdm image on the 5505? Please verify that ("dir") and specify that image in the configuration.

For example:

asdm image disk0:/asdm-731-101.bin

Your PC should be coming from an address in the 192.168.1.0 subnet.

0 Helpful

Go to solution
iliass joudat
Level 1
Level 1
In response to Marvin Rhoads

‎12-29-2014 02:24 PM

Dear Marvin ;

my adress ip is 192.168.1.10 /24

but for 3DES-AES , is disabled ,

Running Activation Key: 0xad1ad168 0x60e83f0e 0x4843b1cc 0x9920e048 0x410905aa

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : 50
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 10
Dual ISPs                      : Disabled
VLAN Trunk Ports               : 0
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.

 

directory :

Directory of disk0:/

130    -rwx  15390720    08:01:08 Mar 28 2014  asa825-k8.bin
13     drwx  2048        08:01:20 Mar 28 2014  coredumpinfo
131    -rwx  16280544    08:02:26 Mar 28 2014  asdm-645.bin
3      drwx  2048        08:06:52 Mar 28 2014  log
12     drwx  2048        08:07:18 Mar 28 2014  crypto_archive
133    -rwx  2048        00:00:00 Jan 01 1980  FSCK0000.REC
134    -rwx  4096        00:00:00 Jan 01 1980  FSCK0001.REC
135    -rwx  4096        00:00:00 Jan 01 1980  FSCK0002.REC
136    -rwx  4096        00:00:00 Jan 01 1980  FSCK0003.REC
137    -rwx  4096        00:00:00 Jan 01 1980  FSCK0004.REC
138    -rwx  6144        00:00:00 Jan 01 1980  FSCK0005.REC
139    -rwx  6144        00:00:00 Jan 01 1980  FSCK0006.REC
140    -rwx  6144        00:00:00 Jan 01 1980  FSCK0007.REC
141    -rwx  22528       00:00:00 Jan 01 1980  FSCK0008.REC
142    -rwx  38912       00:00:00 Jan 01 1980  FSCK0009.REC
143    -rwx  34816       00:00:00 Jan 01 1980  FSCK0010.REC
144    -rwx  43008       00:00:00 Jan 01 1980  FSCK0011.REC
145    -rwx  2048        00:00:00 Jan 01 1980  FSCK0012.REC
146    -rwx  26624       00:00:00 Jan 01 1980  FSCK0013.REC
147    -rwx  2048        00:00:00 Jan 01 1980  FSCK0014.REC
148    -rwx  26624       00:00:00 Jan 01 1980  FSCK0015.REC
149    -rwx  2048        00:00:00 Jan 01 1980  FSCK0016.REC
150    -rwx  3203909     01:55:48 Jun 03 2014  anyconnect-win-2.4.1012-k9.pkg
151    -rwx  24095116    19:48:14 Sep 24 2014  asdm-721.bin
152    -rwx  26624       00:00:00 Jan 01 1980  FSCK0017.REC
153    -rwx  2048        00:00:00 Jan 01 1980  FSCK0018.REC

 

thank you for your support

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to iliass joudat

‎12-29-2014 04:52 PM

You can get the 3DES-AES feature enabled by going to the self-service portal.

Choose the option to "Get Other Licenses" and then the option for "Crypto, IPS, other". In the popup window select security products and then you will have the option to select the 3DES-AES license. Select that and then "next". Provide your device serial number and you will be mailed an activation-key.

Activate the license with the command "activation-key <key string Cisco sends you>".

Once you have it active, make sure you have only strong ssl ciphers allowed by entering:

no ssl encryption des-sha1

ssl encryption aes128-sha1 aes256-sha1 3des-sha1

...in config mode.

 

 

Go to solution
iliass joudat
Level 1
Level 1
In response to Marvin Rhoads

‎01-13-2015 03:20 PM

Thank you Marvin , it very helpful

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card