03-22-2023 01:08 AM - edited 03-22-2023 01:11 AM
Hi all,
We purchased the Firepower 2110 loaded with ASA. When it was sent from the factory, there was no base license enabled.
We commissioned the firewall, and when we try to access it from an outside network it throws an SSL error.
03-22-2023 01:58 AM
@qautomation the error indicates a TLS cipher mismatch.
What is configured on the ASA? Run the command show ssl
You can configure the secure TLS/SSL protocol: from the CLI, enter the command ssl server-version tlsv1.2 dtlsv1.2
Then to use the more secure ciphers, from the CLI enter the commands:
ssl cipher tlsv1.2 high
ssl cipher dtlsv1.2 high
More information here on configuring secure TLS ciphers on the ASA - https://integratingit.wordpress.com/2021/01/27/securing-asa-tls-ciphers/
If you still have a problem please provide your configuration so we can review.
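A client-side check for the settings in the reply above, added here as an example and not part of any post in this thread: it handshakes with TLS 1.2 as the minimum and reports the protocol and cipher the ASA actually negotiates. The function names and the weak-cipher marker list are assumptions made for this example.

```python
import socket
import ssl
import sys

# Name fragments that mark legacy ciphers (list constructed for this example).
WEAK_MARKERS = ("DES", "RC4", "NULL", "MD5", "EXP")


def is_acceptable(version, cipher_name):
    """True when the session is TLS 1.2+ and the cipher carries no legacy marker."""
    if version not in ("TLSv1.2", "TLSv1.3"):
        return False
    return not any(marker in cipher_name.upper() for marker in WEAK_MARKERS)


def probe(host, port=443, timeout=5.0):
    """Handshake with TLS 1.2 as the floor; return (version, cipher) or (None, error)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The certificate is not validated: this only inspects what the device
    # negotiates, and a new ASA usually presents a self-signed certificate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return None, str(exc)


def verdict(version, detail):
    """Turn a probe() result into a one-line finding."""
    if version is None:
        return "FAIL handshake error: " + detail
    if is_acceptable(version, detail):
        return "OK " + version + " " + detail
    return "WEAK " + version + " " + detail


if __name__ == "__main__":
    # Usage: python3 probe.py <management-address> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(verdict(*probe(target, target_port)))
```

A FAIL line from a client that only offers TLS 1.2 or later means the device and the client found no common protocol or cipher, which is the mismatch described in the reply.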
03-22-2023 05:42 AM
Did you register the ASA with a Smart license token yet? You will need to do so and make sure that the "allow export controlled features" tick box is checked in your smart portal when creating the registration token. That will ensure that 3DES-AES licensing is enabled which allows the ASA to activate modern cryptographic protocol support.
03-22-2023 05:46 AM
Hi,
We hadn't registered the smart license token yet. We would like to understand whether due to this we are not able to access it from the outside network. The firewalls are installed in an air-gapped (on-prem) environment. Do we have to request PLR during purchase of the firewall?