04-13-2017 07:53 PM - edited 03-12-2019 02:13 AM
Hello community, I'm a beginner in the Cisco firewall world, but I have a big question.
I tried many times, in several ways, to enable ASDM, like this:
ASA1(config)# asdm image disk0:/asdm-761.bin
ASDM requires HTTP and it’s disabled by default, let’s enable it:
ASA1(config)# http server enable
Instead of giving everyone access to the HTTP server we will specify which network and interface are permitted to use the HTTP server:
ASA1(config)# http 192.168.1.0 255.255.255.0 INSIDE
This will only allow network 192.168.1.0 /24 on the inside interface to reach the HTTP server. It might be even a better idea to only allow one or two IP addresses that you use for management instead of an entire network.
Let’s continue and make a user account:
ASA1(config)# username ADMIN password PASSWORD privilege 15
But it didn't work :(
My browser always shows something like:
Unable to communicate securely on the remote system: There is no encryption algorithm (s) in common. Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Can somebody help me?? PLEASE
PS: My scenario is a default ASA 5506-X
internet ( 10.1.1.1)-----> ASA 5506 1/1 default -------------> 1/2 dhcp server enable range 192.168.1.1
Internet is OK on the workstations
Thank you a lot :D
04-14-2017 05:35 AM
As Ajay was implying - most commonly the error you see is because the (free) 3DES-AES license is not installed on the ASA. Without that, the browser will not accept the weak DES cipher the ASA presents.
04-13-2017 10:18 PM
What license do you have on the ASA? Can you paste the show version output here? This has something to do with the encryption configured on the ASA. Did you also try from different browsers?
You can check the logs while connecting; that will show you the exact error.
Ajay
04-14-2017 06:28 AM
Sure, look:
show version
Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)
Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"
fwmetalurgica up 6 mins 9 secs
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 7168MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is f80b.cbf7.f1ca, irq 255
2: Ext: GigabitEthernet1/2 : address is f80b.cbf7.f1cb, irq 255
3: Ext: GigabitEthernet1/3 : address is f80b.cbf7.f1cc, irq 255
4: Ext: GigabitEthernet1/4 : address is f80b.cbf7.f1cd, irq 255
5: Ext: GigabitEthernet1/5 : address is f80b.cbf7.f1ce, irq 255
6: Ext: GigabitEthernet1/6 : address is f80b.cbf7.f1cf, irq 255
7: Ext: GigabitEthernet1/7 : address is f80b.cbf7.f1d0, irq 255
8: Ext: GigabitEthernet1/8 : address is f80b.cbf7.f1d1, irq 255
9: Int: Internal-Data1/1 : address is f80b.cbf7.f1c9, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is f80b.cbf7.f1c9, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JAD210801JF
Running Permanent Activation Key: 0xc337c472 0xe459ae85 0xa8106d1c 0xa25c0880 0x8618228a
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration last modified by enable_15 at 05:22:53.869 UTC Fri Apr 14 2017
I tried in different browsers (IE, Firefox, Google Chrome, Edge) and have the same error :(
Please help me !
Ty Pedro
04-14-2017 06:34 AM
DES will not work; you should have a license to enable 3DES to access SSL.
Ajay
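The diagnosis in this thread, as an added example that is not part of any post: a Python check that reads `show version` text, reports whether the 3DES-AES license is missing, returns the software serial the key must be requested for, and normalizes a pasted activation key into one CLI line. The function names are hypothetical, and the sample text and key are constructed, not taken from a real device.

```python
import re

# Constructed sample in the format of the "show version" output posted in the thread.
SAMPLE = """\
Licensed features for this platform:
Maximum VLANs : 5 perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
This platform has a Base license.
Serial Number: EXAMPLE0000
"""

FEATURE_RE = re.compile(r"^\s*([A-Za-z][\w \-]*?)\s*:\s*(Enabled|Disabled|Unlimited|\d+)\s+\S")
SERIAL_RE = re.compile(r"^\s*Serial Number:\s*(\S+)")
KEY_GROUP_RE = re.compile(r"^(?:0x)?([0-9a-fA-F]{1,8})$")

def parse_show_version(text):
    """Return (license feature dict, software serial) from show version text."""
    features, serial, in_table = {}, None, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_table = True
        elif line.startswith("This platform has"):
            in_table = False
        elif in_table and (m := FEATURE_RE.match(line)):
            features[m[1]] = m[2]
        elif m := SERIAL_RE.match(line):
            serial = m[1]
    return features, serial

def strong_crypto_missing(text):
    """True when 3DES-AES is not licensed, the state behind the browser error."""
    features, _ = parse_show_version(text)
    return features.get("Encryption-3DES-AES") != "Enabled"

def activation_command(raw_key):
    """Normalize a pasted key (stray spaces, optional 0x) into one CLI line."""
    groups = raw_key.split()
    if len(groups) != 5:
        raise ValueError(f"expected 5 hex groups, got {len(groups)}")
    words = []
    for g in groups:
        m = KEY_GROUP_RE.match(g)
        if not m:
            raise ValueError(f"not a hex group: {g!r}")
        words.append("0x" + m[1].lower())
    return "activation-key " + " ".join(words)

if __name__ == "__main__":
    print("3DES-AES missing:", strong_crypto_missing(SAMPLE))
    print("request the key for serial:", parse_show_version(SAMPLE)[1])
```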
04-14-2017 06:37 AM
Do I need to buy this license? What would be the method to activate it?
Ty Pedro
04-14-2017 06:43 AM
It's free.
ASA strong crypto (3DES / AES) keys are available at: http://www.cisco.com/go/license
Once you have it, configure:
activation-key key [activate | deactivate]
ASA# activation-key 0xd11b3d48 0xa80a4c0a 0x48e0fd1c 0xb0443480 0x843fc490
04-14-2017 06:59 AM
I followed all the steps; the site sent me the serial, but I have one error:
ERROR: The requested activation key was not saved because it is not
valid for this system.
Any solution?
Ty Pedro
04-14-2017 07:58 AM
Pedro,
Double check that you used the correct serial number in requesting the key. It should be the one you have shown in the "show version" output:
JAD210801JF
If that is correct also double check that you enter the key exactly correct without any extra spaces etc.
04-14-2017 12:12 PM
Hello, I followed the steps above:
conf t
activation-key ae26c047 20c14f22 XXXXXXX ae2c2018 XXXXXXX
Of course I used the complete key.
Is there some error?
Ty
04-14-2017 12:38 PM
I'm writing this post to thank everyone who helped me, @Marvin Rhoads and @ajay chauhan; you guys are amazing.
My error was: I used the serial that is printed under the firewall to generate the license, when in fact I needed to use the serial of the software that is installed on the firewall.
After generating a new license, 3DES was enabled and ASDM worked!! I had this problem for three days.
Thank you all!
PS: I found a video for this process...
https://www.youtube.com/watch?v=yn_qCnOh9xk
04-14-2017 08:24 PM
You're welcome.
Thanks for rating.
04-14-2017 06:31 AM
How can I install the license on my ASA 5506-X?
I'm really a beginner user and don't know how to do it :(
Ty Pedro