
Don't enable ASDM!!

ti
Level 1

Hello community, I'm a beginner in the Cisco firewall world, but I have a big question.

I tried a lot of times some ways to enable ASDM like this:

ASA1(config)# asdm image disk0:/asdm-761.bin

ASDM requires HTTP and it’s disabled by default, let’s enable it:

ASA1(config)# http server enable

Instead of giving everyone access to the HTTP server we will specify which network and interface are permitted to use the HTTP server:

ASA1(config)# http 192.168.1.0 255.255.255.0 INSIDE

This will only allow network 192.168.1.0 /24 on the inside interface to reach the HTTP server. It might be even a better idea to only allow one or two IP addresses that you use for management instead of an entire network.

Let’s continue and make a user account:

ASA1(config)# username ADMIN password PASSWORD privilege 15

But it didn't work :(

My browser always shows something like:

Unable to communicate securely on the remote system: There is no encryption algorithm (s) in common. Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Can somebody help me?? PLEASE

PS: My scenario is a default ASA 5506-X

internet ( 10.1.1.1)-----> ASA 5506 1/1 default -------------> 1/2 dhcp server enable range 192.168.1.1

Internet is OK in workstations

Thank you a lot :D

1 Accepted Solution

Marvin Rhoads
Hall of Fame

As Ajay was implying - most commonly the error you see is because the (free) 3DES-AES license is not installed on the ASA. Without that, the browser will not accept the weak DES cipher the ASA presents.

12 Replies

ajay chauhan
Level 7

What license do you have on the ASA? Can you paste the show version output here? This has something to do with the encryption configured on the ASA. Did you also try from different browsers?

You can check the logs while connecting; that will show you the exact error.

Ajay

Sure, look:

show version

Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)

Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"

fwmetalurgica up 6 mins 9 secs

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 7168MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is f80b.cbf7.f1ca, irq 255
2: Ext: GigabitEthernet1/2 : address is f80b.cbf7.f1cb, irq 255
3: Ext: GigabitEthernet1/3 : address is f80b.cbf7.f1cc, irq 255
4: Ext: GigabitEthernet1/4 : address is f80b.cbf7.f1cd, irq 255
5: Ext: GigabitEthernet1/5 : address is f80b.cbf7.f1ce, irq 255
6: Ext: GigabitEthernet1/6 : address is f80b.cbf7.f1cf, irq 255
7: Ext: GigabitEthernet1/7 : address is f80b.cbf7.f1d0, irq 255
8: Ext: GigabitEthernet1/8 : address is f80b.cbf7.f1d1, irq 255
9: Int: Internal-Data1/1 : address is f80b.cbf7.f1c9, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is f80b.cbf7.f1c9, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JAD210801JF
Running Permanent Activation Key: 0xc337c472 0xe459ae85 0xa8106d1c 0xa25c0880 0x8618228a
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration last modified by enable_15 at 05:22:53.869 UTC Fri Apr 14 2017

I tried in different browsers (IE, Firefox, Google Chrome, Edge) and have the same error :(


Please help me !

Ty Pedro

DES will not work; you should have a license to enable 3DES to access SSL.

Ajay

Do I need to buy this license? What would be the method to activate it?

Ty Pedro

It's free

ASA strong crypto (3DES / AES) keys are available at: http://www.cisco.com/go/license

  1. Enter your CCO userid and password
  2. Click the “Continue to Product License Activation” link.
  3. Click Get Other Licenses > IPS, Crypto, Other…
  4. Select Security Products > Cisco ASA 3DES/AES License, click Next
  5. Enter ASA Serial number and click Next
    • If this is the first time you have applied for a strong crypto product, review and accept the terms of the license windows. You may need to return to http://www.cisco.com/go/license and complete the steps above.
  6. In the 3. Review and Submit window, click the I Agree with the terms of the License check box, review your contact information, and click Submit
  7. An email will be sent to you with the ASA Activation key and instructions on how to apply the key

Once you have it, configure it:

Configuration:

activation-key key [activate | deactivate]
ASA# activation-key 0xd11b3d48 0xa80a4c0a 0x48e0fd1c 0xb0443480 0x843fc490

I followed all the steps, the site sent me the serial but I have one error:

ERROR: The requested activation key was not saved because it is not
valid for this system.

Some solution?

Ty Pedro

Pedro,

Double check that you used the correct serial number in requesting the key. It should be the one you have shown in the "show version" output:

JAD210801JF

If that is correct, also double check that you entered the key exactly, without any extra spaces etc.

Hello, I followed some steps above:

conf t

activation-key ae26c047 20c14f22 XXXXXXX ae2c2018 XXXXXXX

Of course I used the complete key.

Some error?

Ty

I come through this post to thank everyone who helped me @Marvin Rhoads and @ajay chauhan, you guys are amazing.

My error was: I put the serial that is under the firewall to generate the license, and in fact I needed to have put the serial of the software that is installed in the firewall.

After generating a new license I enabled 3DES and the ASDM worked!! I was in that problem three days ago.

Thank you all!

PS: I found one video for this process...

https://www.youtube.com/watch?v=yn_qCnOh9xk
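The two checks this thread converges on (is the 3DES-AES license enabled, and was the key requested for the serial that "show version" reports) can be scripted against saved "show version" text. This is an added example, not part of the original posts; the sample output, the placeholder serial and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the "show version" output in this thread.
# The serial number is a placeholder, not a real device.
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.6(1)
Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
Botnet Traffic Filter             : Disabled       perpetual

This platform has a Base license.

Serial Number: JADEXAMPLE1
Configuration last modified by enable_15 at 05:22:53.869 UTC Fri Apr 14 2017
"""

FEATURE_RE = re.compile(r"^(?P<name>[^:]+?)\s*:\s*(?P<value>\S+)\s+(?P<term>.+)$")

def parse_show_version(text):
    """Return (licensed-features dict, serial number) from 'show version' text."""
    features, in_table = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Licensed features for this platform"):
            in_table = True
        elif in_table and line:
            m = FEATURE_RE.match(line)
            if m:
                features[m["name"]] = m["value"]
            else:
                in_table = False  # first non-feature line ends the table
    serial = re.search(r"^Serial Number:\s*(\S+)", text, re.M)
    return features, serial.group(1) if serial else None

def asdm_tls_findings(text, serial_used_for_key=None):
    """List the problems from this thread that apply to the given output."""
    features, serial = parse_show_version(text)
    findings = []
    if features.get("Encryption-3DES-AES") != "Enabled":
        findings.append("3DES-AES license not enabled: only DES is offered, "
                        "browsers report SSL_ERROR_NO_CYPHER_OVERLAP")
    if serial_used_for_key and serial and \
            serial_used_for_key.strip().upper() != serial.upper():
        findings.append(f"key requested for {serial_used_for_key.strip()} but "
                        f"show version reports {serial}: key not valid for this system")
    return findings
```

Run `asdm_tls_findings()` on the captured output before requesting a key and again after applying it; an empty list means neither condition from this thread is present.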

You're welcome.

Thanks for rating.

How can I install the license in my ASA 5506-X?

I'm really a beginner user and don't know how to make it :(

Ty Pedro
