Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1518
Views
0
Helpful
6
Replies

Can't connect asa5520 using 443

Go to solution
demberel1
Level 1
Level 1

‎12-21-2015 01:12 AM - edited ‎03-12-2019 12:03 AM

Hello All.

I can access my asa5520 (8.3) using asdm(6.3) and work normally. But I can't open web browser then enter this address https://192.168.100.254/ or https://192.168.100.254/admin. I am trying configure asdm on another linux desktop.

Does anyone have any idea or suggestion what to do?

Labels:
Preview file
47 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Shivapramod M
Level 1
Level 1
In response to demberel1

‎12-29-2015 06:37 PM

Hi,

Please confirm whether the PC ip is permitted to access via http. You can run "show run http"  and check whether the PC IP or subnet is configured.

Second thing is that you can run "show run all ssl" and verify what encryption algorithms are configured.  You can run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1" to add the ciphers for the SSL handshake.

To add the AES encryption you need to have the "Encryption-3DES-AES " license enabled on the ASA. You can check this by running "show version" or "show activation-key"


Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful

Go to solution
Shivapramod M
Level 1
Level 1
In response to demberel1

‎12-30-2015 08:52 PM

Hi,

Yes, you need to run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1".

When you connect to the ASA via https using the browser the SSL handshake will fail due to cipher suites mis-match. You can use mozilla browser to open the firewall via https and you should see the error similar to cipher mismatch. If you add all the ciphers using the above command the issue should resolve. But make sure you have the  "Encryption-3DES-AES " license enabled on the ASA.


Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-21-2015 06:00 AM

Is the other Linux desktop on the same subnet as the one with a working connection? The ASA normally restricts what remote clients are allowed to connect for system management with the command:

http <interface> <subnet> <mask>

"show run http" will show you how that's configured.

0 Helpful

Go to solution
demberel1
Level 1
Level 1
In response to Marvin Rhoads

‎12-29-2015 05:57 PM

Hello Marvin Rhoads,

Also i can't access using web browser on windows desktop what installed asdm. 

Thanks

0 Helpful

Go to solution
Shivapramod M
Level 1
Level 1
In response to demberel1

‎12-29-2015 06:37 PM

Hi,

Please confirm whether the PC ip is permitted to access via http. You can run "show run http"  and check whether the PC IP or subnet is configured.

Second thing is that you can run "show run all ssl" and verify what encryption algorithms are configured.  You can run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1" to add the ciphers for the SSL handshake.

To add the AES encryption you need to have the "Encryption-3DES-AES " license enabled on the ASA. You can check this by running "show version" or "show activation-key"


Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

0 Helpful

Go to solution
demberel1
Level 1
Level 1
In response to Shivapramod M

‎12-30-2015 07:50 PM

Thank you for the replay

Http server permission is correct.

so, Do I need to add AES encryption?  But My asdm is run normal.

After i add AES encryption, It show any problem when access to asa with asdm.

Result of the command: "show run http"

http server enable
http server idle-timeout 10
http 192.168.100.0 255.255.255.0 office

Result of the command: "show run all ssl"

ssl server-version any
ssl client-version any
ssl encryption des-sha1

0 Helpful

Go to solution
Shivapramod M
Level 1
Level 1
In response to demberel1

‎12-30-2015 08:52 PM

Hi,

Yes, you need to run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1".

When you connect to the ASA via https using the browser the SSL handshake will fail due to cipher suites mis-match. You can use mozilla browser to open the firewall via https and you should see the error similar to cipher mismatch. If you add all the ciphers using the above command the issue should resolve. But make sure you have the  "Encryption-3DES-AES " license enabled on the ASA.


Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

0 Helpful

Go to solution
demberel1
Level 1
Level 1
In response to Shivapramod M

‎12-30-2015 09:25 PM

Thanks Shivapramod M,

I can access to asa via https  after add all encryption. Great.

Best Regard,

Demberel B

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card