11-12-2018 05:16 AM - edited 02-21-2020 08:27 AM
Hello,
I cannot get ASDM to work on my ASA 5506-X. When accessing https://ipaddr/admin I get an error regarding unsupported ciphers/SSL or unsupported protocol. I have done troubleshooting according to this guide:
https://community.cisco.com/t5/security-documents/asdm-access-troubleshooting/ta-p/3122148
The license required for the strong ciphers is applied and I have tried several config changes using the 'ssl ciphers' and 'ssl encryption' command. I have attached the show run and show versions output to this post.
SJS
11-16-2018 07:03 PM
@sjs2222 wrote:
Hello,
I cannot get ASDM to work on my ASA 5506-X. When accessing https://ipaddr/admin I get an error regarding unsupported ciphers/SSL or unsupported protocol. I have done troubleshooting according to this guide:
https://community.cisco.com/t5/security-documents/asdm-access-troubleshooting/ta-p/3122148
The license required for the strong ciphers is applied and I have tried several config changes using the 'ssl ciphers' and 'ssl encryption' command. I have attached the show run and show versions output to this post.
SJS
Are you using an older OS / browser? You have tls 1.1 and fips ciphers enabled which could be an issue. Also, I'd try different browsers, they might not like the self signed certificate the ASA is using.
Also I'd add:
aaa authentication http console LOCAL
Also try manually specifying ASDM with its full name as it's shown in flash:
asdm image flash:fullasdmfilename
11-18-2018 04:53 PM
Hi,
remove ssl commands for time being. and follow mls577 commands. you should be good.
11-19-2018 04:48 AM
Thanks for the suggestions, I have tried the below and still have the same result:
no ssl server-version tlsv1.1
no ssl client-version tlsv1.1
no ssl cipher tlsv1.1 fips
asdm image flash disk0:/asdm-761.bin
aaa authentication http console LOCAL
Do you have any other ideas? It's really strange because this firewall is new and I haven't done anything to it. I am really surprised it doesn't work straight out the box.
11-19-2018 01:58 PM
What is the output of show run all ssl ?
11-19-2018 10:11 PM
@sjs2222 wrote:
Thanks for the suggestions, I have tried the below and still have the same result:
no ssl server-version tlsv1.1
no ssl client-version tlsv1.1
no ssl cipher tlsv1.1 fipsasdm image flash disk0:/asdm-761.bin
aaa authentication http console LOCAL
Do you have any other ideas? It's really strange because this firewall is new and I haven't done anything to it. I am really surprised it doesn't work straight out the box.
At this point, I'm going to go with the issue either being asdm version or a client issue with your browsers. Have you tried different browsers? If that doesn't work, can you try uploading a newer asdm image to the asa?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide