Hello.
Have a new ASAv install using Anyconnect SSL VPN. Running 9.12(1), Device Mngr 7.12(1).
VPN aaa-server is successfully authenticated too but the license will not register.
Get the REGISTRATION IN PROGRESS msg when checking sh license status.
Logs show the following:
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 0509, subject name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM, issuer name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM .
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 7517167783D0437EB556C357946E4563B8EBD3AC, subject name: cn=HydrantID SSL ICA G2,o=HydrantID (Avalanche Cloud Corporation),c=US, issuer name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM .
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 3000683B0F7504F7B244B3EA7FC00927E960D735, subject name: cn=tools.cisco.com,o=Cisco Systems\, Inc.,l=San Jose,st=CA,c=US, issuer name: cn=HydrantID SSL ICA G2,o=HydrantID (Avalanche Cloud Corporation),c=US .
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-717027: Certificate chain failed validation. No suitable trustpoint was found to validate chain.
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-444303: %SMART_LIC-3-AGENT_REG_FAILED:Smart Agent for Licensing Registration with the Cisco Smart Software Manager or satellite failed: Communication message send error
Oct 16 2019 23:15:11 ASAv-p2 : %ASA-3-444303: %SMART_LIC-3-COMM_FAILED:Communications failure with the Cisco Smart Software Manager or satellite : Communication message send error
Tried to login via ASDM to apply the certs but cannot login, get the java.net.ConnectException: Connection timed out in the java console logs. Checked thru some forums and found several posts to download the jce extensions and place the files in the lib/security folder and/or folder for Java/ASDM via the task manager but that did not work.
Looked at the ssl configuration but the ssl encryption command is no longer available, only the ssl ciphers command is available. I have set AES-128 to be used but still no access via ASDM.
ASAv-p2# sh run ssl
ssl cipher tlsv1 custom "AES128-SHA"
ssl dh-group group14
ASAv-p2# sh run all ssl
ssl server-version tlsv1 dtlsv1
ssl client-version tlsv1
ssl cipher default medium
ssl cipher tlsv1 custom "AES128-SHA"
ssl cipher tlsv1.1 medium
ssl cipher tlsv1.2 medium
ssl cipher dtlsv1 medium
ssl cipher dtlsv1.2 medium
ssl dh-group group14
ssl ecdh-group group19
ssl certificate-authentication fca-timeout 2
Both DES and 3DES enabled in sh ver:
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Can anyone help with this issue as I am not sure what to do other than try to install the certificates via the command line again. This did not work as I received an error via the CLI.....need ASDM.
Thanks...
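An added example, not part of the original post: a small Python parser that rebuilds the certificate chain from the three %ASA-3-717009 messages quoted above and names the CA at the top of it, which is the certificate the log reports no trustpoint for. The function names are hypothetical, and the log lines are the post's own with the timestamp and hostname trimmed.

```python
import re

# The three %ASA-3-717009 messages from the post, timestamp and hostname trimmed.
LOG = r"""
%ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 0509, subject name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM, issuer name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM .
%ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 7517167783D0437EB556C357946E4563B8EBD3AC, subject name: cn=HydrantID SSL ICA G2,o=HydrantID (Avalanche Cloud Corporation),c=US, issuer name: cn=QuoVadis Root CA 2,o=QuoVadis Limited,c=BM .
%ASA-3-717009: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 3000683B0F7504F7B244B3EA7FC00927E960D735, subject name: cn=tools.cisco.com,o=Cisco Systems\, Inc.,l=San Jose,st=CA,c=US, issuer name: cn=HydrantID SSL ICA G2,o=HydrantID (Avalanche Cloud Corporation),c=US .
"""

# Lazy groups keep escaped commas ("Cisco Systems\, Inc.") inside the subject.
PAT = re.compile(
    r"%ASA-3-717009: .*?serial number: (?P<serial>[0-9A-Fa-f]+), "
    r"subject name: (?P<subject>.*?), issuer name: (?P<issuer>.*?)\s*\.\s*$"
)

def parse_717009(text):
    """Extract serial, subject and issuer from each 717009 message."""
    return [m.groupdict() for m in map(PAT.search, text.splitlines()) if m]

def chain_order(certs):
    """Order certificates leaf first by following issuer -> subject links."""
    by_subject = {c["subject"]: c for c in certs}
    issuers = {c["issuer"] for c in certs if c["issuer"] != c["subject"]}
    leaves = [c for c in certs if c["subject"] not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one leaf certificate")
    chain, cur = [leaves[0]], leaves[0]
    while cur["issuer"] != cur["subject"] and cur["issuer"] in by_subject:
        cur = by_subject[cur["issuer"]]
        if cur in chain:
            raise ValueError("issuer loop in log data")
        chain.append(cur)
    return chain

def trust_anchor(chain):
    """Return (CA name at the top of the chain, True if that CA cert was in the log)."""
    top = chain[-1]
    return top["issuer"], top["issuer"] == top["subject"]

if __name__ == "__main__":
    chain = chain_order(parse_717009(LOG))
    for depth, cert in enumerate(chain):
        print(f"{depth}: {cert['subject']}  (serial {cert['serial']})")
    print("No trustpoint covers:", trust_anchor(chain)[0])
```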