
CISCO ASA ASDM URL not Working

Cash2106
Level 1

Hi there,

I have configured the Cisco ASA firewall properly and configured the HTTP server and IPs properly as well,

but when I am trying to access the URL in a browser to install the ASDM, it's not opening this URL ... the error is attached.

Also I am pasting the configuration here for your reference. Please help me and tell me how I can resolve that issue.

ASA Version 8.4(3)
!
hostname ciscoasa
enable password R1TW0ikPQjbca/CB encrypted
passwd R1TW0ikPQjbca/CB encrypted
names
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.2.15 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.248
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa843-k8.bin
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 10
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 10
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password J8w4GTvS/c1FOPRh encrypted privilege 15
!
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1df1fadc28704b87d7590dfb0f57dd7c

Suppose https://192.168.2.15/admin. When I am opening this link the page is giving me an error.

error.JPG

11 Replies

@Cash2106 

Has this ever worked? The error you are receiving is "SSL_ERROR_NO_CYPHER_OVERLAP"

Refer to this post, which lists troubleshooting steps - it could just be you don't have the 3DES license enabled.

https://community.cisco.com/t5/network-security/cannot-connect-to-asa-using-https/td-p/1641948

 

Or it could be the ASA version (8.4) is so old, that your web browser no longer supports the ciphers that the ASA is using. You could take a packet capture on your computer to provide more information. Regardless, I suggest you upgrade.
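Added example, not part of the original thread or any poster's reply: one way to read the packet capture suggested above is to pull the cipher suite list out of the browser's ClientHello and compare it with what the ASA can enable. The mapping of the ASA keywords to RSA suite IDs, the treatment of `des-sha1` as the only keyword from this thread usable without the VPN-3DES-AES key, and the sample ClientHello bytes are assumptions constructed for illustration.

```python
import struct

# Assumption: the ASA "ssl encryption" keywords seen in this thread map to
# these RSA cipher suite IDs (other ASA keywords are not modelled here).
ASA_SUITES = {
    "aes256-sha1": 0x0035,  # TLS_RSA_WITH_AES_256_CBC_SHA
    "aes128-sha1": 0x002F,  # TLS_RSA_WITH_AES_128_CBC_SHA
    "3des-sha1":   0x000A,  # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    "des-sha1":    0x0009,  # TLS_RSA_WITH_DES_CBC_SHA
}
NEEDS_LICENSE = {"aes256-sha1", "aes128-sha1", "3des-sha1"}

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs listed in a TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def overlap(record: bytes, licensed: bool) -> list[str]:
    """ASA cipher keywords the client offers and the ASA is allowed to enable."""
    offered = set(offered_suites(record))
    return [name for name, sid in ASA_SUITES.items()
            if sid in offered and (licensed or name not in NEEDS_LICENSE)]

def build_hello(suites: list[int]) -> bytes:
    """Construct a minimal ClientHello (sample input, not a real capture)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample: a client offering ECDHE/AES-GCM suites plus legacy RSA AES-CBC.
MODERN = build_hello([0x1301, 0xC02F, 0xC030, 0x002F, 0x0035])

if __name__ == "__main__":
    print("without 3DES/AES key:", overlap(MODERN, licensed=False) or "no overlap")
    print("with 3DES/AES key:   ", overlap(MODERN, licensed=True))
```

An empty result for the unlicensed case is the condition the browser reports as no cipher overlap; feed `offered_suites` the raw bytes of the first TLS record from your own capture to check a real client.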

@Rob Ingram I have another same firewall with the same version, on that firewall the ASDM link is working.

But in this firewall I have done the basic settings, which are required, but the link is not working.

How can I resolve that? I have been looking to resolve it for the last two days so I decided to post it here, please help...

Ok, so did you read that post I provided? Did you check to see if you have the 3DES license enabled? If not that post has the steps to follow.

@Rob Ingram I have tried these commands, but I am getting some kind of activation key message

 


ciscoasa# configure terminal
ciscoasa(config)# ssl encryption aes256-sha1
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ciscoasa(config)# encryption aes128-sha1
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# ssl encryption aes128-sha1
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ciscoasa(config)#

 

I cannot get the activation key because I bought this firewall from some third party vendor. Is there any way I can get that activation key, because I don't have any contract agreement with Cisco ... I have bought this from a third party vendor, please help me if it's possible.

@Cash2106 

From this link https://software.cisco.com/software/swift/lrp/#/pak go to Get Licenses > Request Crypto, IPS and Other License.

Select Security Products > Cisco ASA 3DES/AES License

 

When requesting, enter your serial number and you will receive the activation key by email. Then from the ASA CLI you run the command "activation-key <the key provided>"

 

The command "show version" will confirm the 3DES/AES license is enabled.

@Rob Ingram thanks for your concern,

but as I mentioned I don't have the Cisco agreement contract, so it's not allowing me to get the activation key.

Screenshot attached.

Is there any way I can fix this issue?

Because I have bought this firewall from a local vendor.

Capture.JPG

@Cash2106 

It's FREE. The error message is clear, you need to click on Register in that link to accept the agreement before you can get the license.

@Rob Ingram 

 

I am clicking on Register but the page link http://tools.cisco.com/legal/k9/controller/do/k9Check.x?eind=Y

is not opening

saying very busy

trying from the morning but its not opening

@Cash2106 

It works for me, no graphics but a message in the center of the page confirms I'm registered for download of encrypted software.

@Rob Ingram this page link really sucks, it's not opening in any way. I have tried changing browser, changing internet connection, still getting the same issue. Error message on opening this page.

I have run the command given below but am getting some message, please check

 

ciscoasa(config)# ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1
The 3DES/AES algorithms require a VPN-3DES-AES activation key.

 

Am I supposed to do anything else? In the link mentioned above I found this command and I ran it, but it's giving me the message pasted above.
