Solved: Cisco ASA 5512-X Cannot login via console

unrealone1 · ‎02-26-2014

Hi,

Tried logging in via ASDM, but apperantly there is a command I need to run first.

So plugged console cable into my laptop and firewall, ciscoasa> comes up, but I cannot log into it?

I thought username: cisco and password: cisco were the defaults? Any ideas?

Marvin Rhoads · ‎02-28-2014

You don't.- it's the (free) "3DES/AES License" you need - as I noted in my initial post. It just coincidentally appears on the same page as IPS licenses.

The 3DES/AES License allows your ASA to support strong encryption that is built into all modern web browsers. Without it, the https transport cannot negotiate to an acceptably strong cipher suite.

View solution in original post

unrealone1 · ‎02-26-2014

Managed to login to the asa via the console, didnt type the enable command.

Have another question, I still cannot access the ASDM via the MGMT port on 192.168.1.1, so I typed the below command as https://supportforums.cisco.com/thread/2198194 suggested:

ssl encryption aes128-sha1 3des-sha1

and I get a message:

The 3DES/AES algorithms require a VPN-3DES-AES activation key

Any ideas?

Marvin Rhoads · ‎02-26-2014

Your ASA was not ordered with the strong encryption option. Assuming you're not in a prohibited country (e.g. North Korea, Iran etc.), you can go the the licensing portal and get the necessary activation key in just a few minutes.

https://tools.cisco.com/SWIFT/LicensingUI/Quickstart

Choose Get New > IPS, Crypto or Other licenses. On the subsequent page choose Security Products > Cisco ASA 3DES/AES License. Provide your serial number and the portal will generate the activation-key you need via e-mail with instructions to install it.

unrealone1 · ‎02-27-2014

Hi,

I went to the above link but I couldnt see an option for IPS.

Can you be more specfic with the instructions.

Start licensing wizard?

Marvin Rhoads · ‎02-27-2014

See the following screen shots (click to enlarge) for Step #1, #2 and #3 following the link I posted above.

unrealone1 · ‎02-28-2014

Marvin, many thanks for that. I dont seem to have these options in the screen shot? logged in etc. Firewall is not registered on my account yet, this why? If so how do I go about this?

unrealone1 · ‎02-28-2014

Was because I was using IE11 ! Tried Firefox and I have the available options.

Anyway, gone through all the steps and get stuck here:

unrealone1 · ‎02-28-2014

Marvin,

Why do I need this IPS license? My old ASA5510 didnt require an IPS license to access the ASDM?

Marvin Rhoads · ‎02-28-2014

You don't.- it's the (free) "3DES/AES License" you need - as I noted in my initial post. It just coincidentally appears on the same page as IPS licenses.

The 3DES/AES License allows your ASA to support strong encryption that is built into all modern web browsers. Without it, the https transport cannot negotiate to an acceptably strong cipher suite.