cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

ASDM Warning / ASA / 3DES-AES license / HTTPS on non-management-only interface

tom.fransen
Beginner
Beginner

LS,

 

after configuring a Cisco FP1010 running ASA software version 9.14(2) I get a warning when starting ASDM.

 

"You have HTTPS enabled on a non-management-only interface, and you have not enable the Encryption-3DES-AES license. If you configure a feature that can use strong encryption on this interface, then the Encryption-DES will be enforced on this interface. Your management connection to this interface will drop.

 

Enable the Encryption-3DES-AES license, or disable HTTPS on non-management-only interfaces. If your connection get dropped, then you can reconnect on a management-only interface or on an interface not configured for a strong encryption feature"

 

Although the message is (to some extend) very clear. The device does not have the 3DES-AES license.  We do not want to install the license for 3DES-AES. It leaves me with some questions.

 

a) how to get rid of this warning? 

b) Why do I get this warning (my feeling is that HTTP is only enable for the management interface, see below)?

c) What can trigger the described behavior (DES encryption and dropping the management connection)?

 

Our config contains the following lines to enable HTTP so I can use ASDM:

http server enable
http FIREWALL_WEB_CLIENT 255.255.255.255 mgnt

 

So for me this means http is enabled on the management-only interface and not on "non-management-only interfaces".

 

Regards,

TF

Who Me Too'd this topic