12-21-2015 01:12 AM - edited 03-12-2019 12:03 AM
Hello All.
I can access my asa5520 (8.3) using asdm(6.3) and work normally. But I can't open web browser then enter this address https://192.168.100.254/ or https://192.168.100.254/admin. I am trying configure asdm on another linux desktop.
Does anyone have any idea or suggestion what to do?
Solved! Go to Solution.
12-29-2015 06:37 PM
Hi,
Please confirm whether the PC ip is permitted to access via http. You can run "show run http" and check whether the PC IP or subnet is configured.
Second thing is that you can run "show run all ssl" and verify what encryption algorithms are configured. You can run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1" to add the ciphers for the SSL handshake.
To add the AES encryption you need to have the "Encryption-3DES-AES " license enabled on the ASA. You can check this by running "show version" or "show activation-key"
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-30-2015 08:52 PM
Hi,
Yes, you need to run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1".
When you connect to the ASA via https using the browser the SSL handshake will fail due to cipher suites mis-match. You can use mozilla browser to open the firewall via https and you should see the error similar to cipher mismatch. If you add all the ciphers using the above command the issue should resolve. But make sure you have the "Encryption-3DES-AES " license enabled on the ASA.
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-21-2015 06:00 AM
Is the other Linux desktop on the same subnet as the one with a working connection? The ASA normally restricts what remote clients are allowed to connect for system management with the command:
http <interface> <subnet> <mask>
"show run http" will show you how that's configured.
12-29-2015 05:57 PM
Hello Marvin Rhoads,
Also i can't access using web browser on windows desktop what installed asdm.
Thanks
12-29-2015 06:37 PM
Hi,
Please confirm whether the PC ip is permitted to access via http. You can run "show run http" and check whether the PC IP or subnet is configured.
Second thing is that you can run "show run all ssl" and verify what encryption algorithms are configured. You can run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1" to add the ciphers for the SSL handshake.
To add the AES encryption you need to have the "Encryption-3DES-AES " license enabled on the ASA. You can check this by running "show version" or "show activation-key"
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-30-2015 07:50 PM
Thank you for the replay
Http server permission is correct.
so, Do I need to add AES encryption? But My asdm is run normal.
After i add AES encryption, It show any problem when access to asa with asdm.
Result of the command: "show run http"
http server enable
http server idle-timeout 10
http 192.168.100.0 255.255.255.0 office
Result of the command: "show run all ssl"
ssl server-version any
ssl client-version any
ssl encryption des-sha1
12-30-2015 08:52 PM
Hi,
Yes, you need to run the command "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 null-sha1 rc4-md5 rc4-sha1".
When you connect to the ASA via https using the browser the SSL handshake will fail due to cipher suites mis-match. You can use mozilla browser to open the firewall via https and you should see the error similar to cipher mismatch. If you add all the ciphers using the above command the issue should resolve. But make sure you have the "Encryption-3DES-AES " license enabled on the ASA.
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-30-2015 09:25 PM
Thanks Shivapramod M,
I can access to asa via https after add all encryption. Great.
Best Regard,
Demberel B
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide