Last night we went to upgrade our firewalls so that only TLS 1.x and AES-256/SHA-1 can be used for VPN connections into the box. After doing so, ASDM stopped working; AnyConnect is still working without issue.
Java reported an SSL handshake error. I went to re-enable encryption mechanisms one by one and determined that AES-128/SHA1 is the highest encryption algorithm I can connect via ASDM on. I tried updating ASDM to the latest version and 7.5(2) won't connect on anything higher than AES-128 either. We are using a self-signed certificate on the inside interface, so I enabled ASDM on the outside where we have a valid third-party cert and tried connecting via https://<url>/admin to make sure it wasn't a certificate issue, and no dice.
It's a little odd to me that ASDM wouldn't support AES-256. I'm wondering if anyone has any ideas as to why I can't connect on AES-256 and/or a workaround. It would also be O.K. to use AES-128 for ASDM connections internally and AES-256 for VPN connections, but I don't see any way to enable the SSL encryption methods on a per-application basis; it seems I can only configure them globally and am thus stuck with allowing VPN connections to use AES-128 if they so choose (I made sure connections will negotiate to AES-256 before trying AES-128, but I'd like to completely disable AES-128).
Specs below, thanks in advance for your assistance.
ASA Version: 9.2(2)4
ASDM Version: 7.4(2), I also tried 7.5(2)