Solved: Can't Connect to Console

msenior73 · ‎04-10-2013

I'm trying to access our ASA 5512-X via the Management port, but the address https://192.168.1.1/admin can't be displayed.

Any ideas on how I can fix this?

Thanks.

Julio Carvajal · ‎04-10-2013

You have to be on configuration mode

config te

ssl encryption aes128-sha1 3des-sha1

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎04-10-2013

Hello,

Have you configured HTTPS access via that interface?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

I just took it out of the box and connected a computer to it and tried what the instructions listed.

Julio Carvajal · ‎04-10-2013

Okay,

It's your computer on the same subnet than the ASA?

Do you have a console cable that you could use to connect to the box

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

The computer got an IP from the firewall:

192.168.1.3

Subnet: 255.255.255.0

DHCP: 192.168.1.1 (firewall)

Julio Carvajal · ‎04-10-2013

Hello Michael,

Okay, got it. That's good,

It might be a problem with the SSL certificate or trustpoint being provided by the ASA

Can you connect via console to the box so I can provide you some commands?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

I have the console cable connected...how do I interface with it?

Julio Carvajal · ‎04-10-2013

http://www.freeccnaworkbook.com/workbooks/ccna/connecting-to-a-cisco-device-via-console

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

I found a program and am currently connected to it. Please let me know which commands I should run.

Julio Carvajal · ‎04-10-2013

Show SSL

Provide the results

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

Accept connections using SSLv2, SSLv3, or TLSv1 and negotiate to SSLv3 or TLSv1

Start connections using SSLv3 and negotiate to SSLv3 or TLSv1

Enabled cipher order: des-sha1

Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1

No SSL trust-points configured

Certificate authentication is not enabled

Julio Carvajal · ‎04-10-2013

Add the following to make it work

ssl encryption aes128-sha1 3des-sha1

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

Error: % Invalid input detected at '^' marker:

ssl (under the l in ssl)

^

Julio Carvajal · ‎04-10-2013

You have to be on configuration mode

config te

ssl encryption aes128-sha1 3des-sha1

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

msenior73 · ‎04-10-2013

Woo hoo!!! It works!!

Thank you so much for your help with this!!! It is truly appreciated.