Cisco ASA ASDM - This site can’t provide a secure connection

jacob.mmchan
Level 1

How can I access ASDM via browser?


@jacob.mmchan try changing your ciphers to something stronger, configure the following using the CLI.

ssl server-version tlsv1.2
ssl cipher tlsv1.2 medium

...this is assuming your ASA version supports the stronger ciphers.

Do I need to upgrade? Do I only need to upgrade the Device Manager version?

Cisco Adaptive Security Appliance Software Version 9.1(7)32
Device Manager Version 7.10(1)

Compiled on Tue 04-Sep-18 08:37 by builders
System image file is "disk0:/asa917-32-k8.bin"
Config file at boot was "startup-config"

asafw01(config)# ssl server-version tlsv?

configure mode commands/options:
tlsv1 tlsv1-only
asafw01(config)# ssl server-version tlsv

@jacob.mmchan you need to upgrade ASA software and ASDM image.

TLS 1.2 is the minimum supported version on most browsers nowadays; ASA 9.1 only supports TLS 1.0.

You'll only be able to download an upgrade if your ASA is under support.

Upgraded ASDM Device Manager and ASA .bin version; also no tls 1.2 setting ... any idea?

edasfw01# sh ver

Cisco Adaptive Security Appliance Software Version 9.2(4)33
Device Manager Version 7.17(1)155

Compiled on Mon 30-Apr-18 14:49 by builders
System image file is "disk0:/asa924-33-k8.bin"
Config file at boot was "startup-config"

edasfw01(config)# ssl server-version ?

configure mode commands/options:
any Enter this keyword to accept SSLv2 ClientHellos and negotiate the
highest common version - DEPRECATED use tlsv1 instead
sslv3 Enter this keyword to accept SSLv2 ClientHellos and negotiate
SSLv3 (or greater) - DEPRECATED use tlsv1 instead
sslv3-only Enter this keyword to accept ClientHellos only from a client
using SSLv3 - DEPRECATED use tlsv1 instead
tlsv1 Enter this keyword to accept SSLv2 ClientHellos and negotiate
TLSv1 (or greater)
tlsv1-only Enter this keyword to accept ClientHellos only from a client
using TLSv1
edasfw01(config)# ssl server-version

(I tried to 'any', still fail for security access?)

TLS v1.2 was introduced with ASA 9.3(2).

Kind regards,

Milos

no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Still not working; after typing those commands, the browser still shows 'This site can't provide a secure connection'.

Milos_Jovanovic
VIP Alumni

Hi @jacob.mmchan,

As @Rob Ingram already wrote, you'll need to upgrade the SW to a newer release in order to support TLSv1.2.

What HW model is this, and what SW version are you running? Could you please share the output of the "show version" command (pls remove activation key and SN)?

Kind regards,

Milos

If we can't change the version and cipher, then we can downgrade the PC or make it accept a lower version.
Network & Internet > Internet Options > Advanced > select TLS 1.0 and TLS 1.1


Milos_Jovanovic
VIP Alumni

Once again, TLS v1.2 was introduced with ASA 9.3(2). Your ASA is on v9.2 so TLSv1.2 is still not supported on that SW release.

Kind regards,

Milos

There is no 9.3 release for the 5505.

Hi friend,
Is this issue solved?
If not, can you share
show run all ssl <<--
and the OS of your PC and Java version, if you can?

Milos_Jovanovic
VIP Alumni

Yes, I know. This is what I was trying to get you to, as you weren't saying which HW you are trying this on.

So, you can't run TLSv1.2 on this device. What remains, if absolutely necessary, is to permit your browser and Java to run TLSv1.0, for which you can find other posts on this forum.

Kind regards,

Milos
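
The version check discussed in this thread, as an added example that is not code from any of the posters or from Cisco: it parses the software version line of `show version` and compares it numerically with the 9.3(2) threshold quoted above, so a set of saved outputs can be triaged for ASAs that cannot offer TLS 1.2. The function names, status strings and the last two sample lines are assumptions made for illustration.

```python
import re

# Threshold taken from the thread: "TLS v1.2 was introduced with ASA 9.3(2)".
TLS12_INTRODUCED = (9, 3, 2)

# Matches e.g. "Cisco Adaptive Security Appliance Software Version 9.2(4)33"
_VERSION_RE = re.compile(
    r"Adaptive Security Appliance Software Version\s+"
    r"(\d+)\.(\d+)\((\d+)\)(\d*)"
)


def parse_asa_version(show_version):
    """Return (major, minor, maintenance, interim) or None if not found."""
    m = _VERSION_RE.search(show_version)
    if m is None:
        return None
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def supports_tls12(version):
    """Compare numerically, so 9.12(x) sorts above 9.3(2)."""
    return version[:3] >= TLS12_INTRODUCED


def audit(outputs):
    """Map device name -> 'tls1.2-capable', 'no-tls1.2' or 'unknown'."""
    report = {}
    for device, text in outputs.items():
        version = parse_asa_version(text)
        if version is None:
            report[device] = "unknown"
        elif supports_tls12(version):
            report[device] = "tls1.2-capable"
        else:
            report[device] = "no-tls1.2"
    return report


# The first two samples are the version lines posted in the thread; the
# last two are constructed for illustration.
SAMPLES = {
    "asafw01": "Cisco Adaptive Security Appliance Software Version 9.1(7)32",
    "edasfw01": "Cisco Adaptive Security Appliance Software Version 9.2(4)33",
    "lab-asa": "Cisco Adaptive Security Appliance Software Version 9.12(4)",
    "other": "Cisco IOS Software, Version 15.2(4)",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLES).items():
        print(f"{device}: {status}")
```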
