Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
32425
Views
20
Helpful
12
Comments

ASA 5500-x: ASDM and other SSL function do not work out of the box

Dev Vishwakarma
Cisco Employee
Cisco Employee

‎05-21-2012 11:26 PM - edited ‎03-08-2019 06:45 PM

 

Symptoms

When  starting to configure a new ASA 5500-x platform running 8.6(1) code,  many of us have had issues running ASDM on the management port. The  browser does not load ASDM.

 

Conditions

This is seen on ASA 5500-X boxes that have a factory config.

 

Problem

This seems to be caused by the pressense of the following config:

 

ssl encryption des-sha1

Most browsers will reject the SSL connection with that cipher choice.

 

Resolution

First make sure that you have the correct license installed and then correct the config line:

 

no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Labels:
Comments
mismiadmin
Community Member
‎08-22-2012 05:00 PM

I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.

Thank you!

It worked like a charm

SaJ

urbanrobots
Community Member
‎09-06-2012 01:22 PM

Thanks a billion, its almost embarassing how long i have been troubleshooting this issue.

cchubb
Level 1
Level 1
‎10-03-2012 09:00 AM

This one caught me too. 30 minutes of head scratching.

Thanks for posting!

j.bloodsworth
Community Member
‎10-08-2012 12:49 PM

Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.

ASDM v6.4(5)

ASA v8.2(5)

ciscoasa# sh ru ssl

ssl encryption des-sha1

ciscoasa# conf t

ciscoasa(config)# no ssl encryption des-sha1

ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

ciscoasa(config)# exit

ciscoasa# sh ru ssl

ciscoasa#        <---doesn't show anything, so it's assumed at default setting.

tahequivoice
Level 2
Level 2
‎12-27-2012 08:47 AM

Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!

robert.brady
Level 1
Level 1
‎02-20-2013 06:23 AM

works a treat thanks

John Coccioletti
Level 1
Level 1
‎05-23-2013 02:08 PM

THANK YOU !!!!!!!!!!!!! 

2 hours I thought I was going crazy , I appreciate the effort and the info

you are a life saver

Patrick Werner
Level 1
Level 1
‎10-17-2013 02:09 AM

Ahhh, thats why my Anyconnect doesnt work, and webvpn too.

Why the hell but cisco that crap on a ASA Box -> ssl encryption des-sha1

viveknathmangalat33
Level 1
Level 1
‎02-24-2015 07:58 PM

thanks, solution worked

Even while doing SSH, putty was giving an error attached.

Shouldnt Cisco upgrade the security levels in brand new asa boxes ?

 

 

 

 

lcruz0001
Community Member
‎08-11-2015 01:00 PM

To me either...

I can't do work this, please, help me.

I have a new ASA5545-x, and I can't connect by SSL

 

daburAGG12
Level 1
Level 1
‎10-12-2017 05:36 AM

I had a similar issue.

 

SSL encrytion is an old command so I made the following changes to get the ASDM to work when i  was reciving the following error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

no ssl cipher tlsv1.2 high

ssl cipher tlsv1.2 fips ( I actually used custom but changing it to fips first)

TESS JOSE
Level 1
Level 1
‎01-08-2018 09:11 PM

Thanks a lot for this finding. I faced the same issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents