01-16-2020 12:24 PM - edited 02-21-2020 09:50 AM
Good afternoon - I have an issue where a user cannot access a banking site, and is getting an "end of file error" that references TLS. We have a Cisco 5505 running 9.2.4(27). From what I've read, I need at least version 9.3(2), which that firewall cannot run. I'm just looking for confirmation at this point; I can enable 1.0 but 1.2 isn't an option. If the only way to get around it is a newer firewall, then it looks like they're getting one. If I'm incorrect, please let me know!
01-16-2020 12:30 PM
If the user is getting an error while accessing the banking website, it is nothing to do with the 5505 firewall. Yes, in between the user and the banking website this firewall is doing packet inspection and transfer, but then how come the problem is with the 5505?
01-16-2020 12:44 PM
01-16-2020 01:19 PM
Can you paste the show ssl output from your firewall.
show ssl
!
Also, going forward, the 5505 is end of life and end of support. It is worth considering the 5506-X (this has also gone end of life) or consider the FTD 1001. This runs the FTD software.
01-16-2020 12:38 PM - edited 01-16-2020 12:40 PM
Hi,
I think configuring TLS on the ASA would refer to web sessions terminated on the ASA, such as ASDM and SSL-VPN, not traffic traversing the firewall. Take a packet capture from the client computer or span port, have a look at the TLS handshake and observe the errors (post the pcap here if you need further assistance).
Regardless, you should probably consider upgrading the ASA 5505; it doesn't offer much protection nowadays from today's threats. If you consider replacing it with a Cisco firewall, consider the Firepower 1010.
HTH
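To make the advice above concrete (take a capture on the client and look at the TLS handshake and any alert), here is an added example, not code from the thread or from Cisco: a small inspector that walks the raw TLS byte stream of a session record by record and reports the ClientHello's offered versions, the ServerHello's chosen version, any Alert the server sends, and whether the stream was cut off inside a record, which is what a client library typically reports as an "end of file" error. The sample traffic at the bottom is constructed for the demonstration, not captured from a real session; the names of the functions and dictionaries are this example's own.

```python
import struct

# Assumed/constructed helper tables for the few code points this example decodes.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version",
                      71: "insufficient_security"}
EXT_SUPPORTED_VERSIONS = 43  # extension type used by TLS 1.2+ clients to list versions


def version_name(v):
    return VERSIONS.get(v, "unknown(0x%04x)" % v)


def parse_extensions(buf):
    """Return {extension_type: raw_data} from a TLS extensions block."""
    exts, off = {}, 0
    while off + 4 <= len(buf):
        etype, elen = struct.unpack("!HH", buf[off:off + 4])
        exts[etype] = buf[off + 4:off + 4 + elen]
        off += 4 + elen
    return exts


def parse_client_hello(body):
    """Extract the version(s) and cipher suites the client offered."""
    legacy_version = struct.unpack("!H", body[0:2])[0]
    off = 2 + 32                                  # skip the 32-byte client random
    sid_len = body[off]; off += 1 + sid_len       # session id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = body[off]; off += 1 + comp_len     # compression methods
    offered = [legacy_version]
    if off + 2 <= len(body):                      # extensions are optional
        ext_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
        sv = parse_extensions(body[off:off + ext_len]).get(EXT_SUPPORTED_VERSIONS)
        if sv:  # 1-byte list length followed by 2-byte version codes
            offered = [struct.unpack("!H", sv[i:i + 2])[0] for i in range(1, 1 + sv[0], 2)]
    return {"type": "client_hello", "versions": [version_name(v) for v in offered],
            "cipher_suites": suites}


def parse_server_hello(body):
    """Extract the version and cipher suite the server selected."""
    version = struct.unpack("!H", body[0:2])[0]
    off = 2 + 32
    sid_len = body[off]; off += 1 + sid_len
    suite = struct.unpack("!H", body[off:off + 2])[0]
    return {"type": "server_hello", "version": version_name(version), "cipher_suite": suite}


def describe_record(ctype, body):
    """Decode one record body into a small dict; alerts are the interesting failure case."""
    if ctype == 21 and len(body) >= 2:
        return {"type": "alert", "level": ALERT_LEVELS.get(body[0], body[0]),
                "description": ALERT_DESCRIPTIONS.get(body[1], "unknown(%d)" % body[1])}
    if ctype == 22 and len(body) >= 4:
        htype, hlen = body[0], int.from_bytes(body[1:4], "big")
        hbody = body[4:4 + hlen]
        if htype == 1:
            return parse_client_hello(hbody)
        if htype == 2:
            return parse_server_hello(hbody)
        return {"type": HANDSHAKE_TYPES.get(htype, "handshake(%d)" % htype)}
    return {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype), "length": len(body)}


def parse_records(data):
    """Walk the stream record by record; raise EOFError if it ends mid-record."""
    records, off = [], 0
    while off < len(data):
        if off + 5 > len(data):
            raise EOFError("stream ends inside a record header at offset %d" % off)
        ctype, _rec_ver, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:  # peer or middlebox closed the connection early
            raise EOFError("record at offset %d announces %d bytes, only %d present"
                           % (off, length, len(body)))
        records.append(describe_record(ctype, body))
        off += 5 + length
    return records


def summarize(data):
    """Return the decoded records, or the truncation error, as one dict."""
    try:
        return {"ok": True, "records": parse_records(data)}
    except EOFError as e:
        return {"ok": False, "error": str(e)}


# --- constructed sample traffic, not a real capture ---
def build_client_hello():
    exts = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, 3, 2) + struct.pack("!H", 0x0303)
    body = (struct.pack("!H", 0x0303) + b"\x00" * 32 + b"\x00"      # version, random, no session id
            + struct.pack("!H", 2) + struct.pack("!H", 0xC02F)       # one cipher suite
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)     # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE_CLIENT_HELLO = build_client_hello()
SAMPLE_ALERT = b"\x15\x03\x03\x00\x02\x02\x46"   # fatal protocol_version alert from the server
SAMPLE_TRUNCATED = SAMPLE_ALERT[:5]               # connection closed after the record header

if __name__ == "__main__":
    for name, sample in [("client_hello", SAMPLE_CLIENT_HELLO), ("server_alert", SAMPLE_ALERT),
                         ("truncated", SAMPLE_TRUNCATED)]:
        print(name, summarize(sample))
```

Feed it the reassembled TCP payload of each direction (for example, the bytes of a "Follow TCP Stream" export) rather than individual packets, because a single TLS record can span several segments. If the server answers the ClientHello with a fatal alert such as protocol_version or handshake_failure, the site is rejecting what the client offered; if the stream simply stops inside a record, something closed the connection early, which is the EOF symptom described in the question.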