Dev Vishwakarma
Cisco Employee

 

Symptoms

When starting to configure a new ASA 5500-X platform running 8.6(1) code, many of us have had issues running ASDM on the management port. The browser does not load ASDM.

 

Conditions

This is seen on ASA 5500-X boxes that have a factory config.

 

Problem

This seems to be caused by the presence of the following config:

 

ssl encryption des-sha1

Most browsers will reject the SSL connection with that cipher choice.

 

Resolution

First make sure that you have the correct license installed and then correct the config line:

 

no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
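
A check for the condition described above, written as an added example (not code from the original post or from Cisco): it reads saved running-config text and reports whether the ssl encryption line offers only des-sha1. The hostnames and sample configs are constructed, and the RC4 note comes from RFC 7465, not from this page.

```python
import re

# From the page: the factory line offers only des-sha1, which browsers reject.
BROWSER_REJECTED = {"des-sha1"}
# Not from the page: RFC 7465 prohibits RC4 cipher suites in TLS.
PROHIBITED_BY_RFC7465 = {"rc4-sha1"}

SSL_ENCRYPTION = re.compile(r"^\s*ssl\s+encryption\s+(\S.*)$", re.IGNORECASE)


def audit_ssl_encryption(config_text):
    """Classify the 'ssl encryption' line of one saved ASA running-config.

    Returns (status, ciphers, notes). status is 'absent' when no explicit line
    exists, 'blocked' when every listed cipher is browser-rejected,
    'weak-offered' when a rejected cipher sits beside usable ones, else 'ok'.
    """
    ciphers = []
    for line in config_text.splitlines():
        match = SSL_ENCRYPTION.match(line)  # "no ssl encryption ..." never matches
        if match:
            # Assumption: one line per config; if several, the last one is used.
            ciphers = match.group(1).lower().split()
    if not ciphers:
        return "absent", [], []
    rejected = [c for c in ciphers if c in BROWSER_REJECTED]
    notes = [f"{c}: RC4 is prohibited in TLS (RFC 7465)"
             for c in ciphers if c in PROHIBITED_BY_RFC7465]
    if len(rejected) == len(ciphers):
        status = "blocked"
    elif rejected:
        status = "weak-offered"
    else:
        status = "ok"
    return status, ciphers, notes


def hosts_needing_fix(configs):
    """Return sorted hostnames whose only offered cipher is browser-rejected."""
    return sorted(host for host, text in configs.items()
                  if audit_ssl_encryption(text)[0] == "blocked")


# Constructed sample configs (hostnames are made up for this example).
SAMPLE_CONFIGS = {
    "asa-factory": "hostname ciscoasa\nssl encryption des-sha1\n",
    "asa-fixed": "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1\n",
    "asa-default": "hostname ciscoasa\nhttp server enable\n",
}
```
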
Comments
mismiadmin
Community Member

I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.

Thank you!

It worked like a charm

SaJ

urbanrobots
Community Member

Thanks a billion, it's almost embarrassing how long I have been troubleshooting this issue.

cchubb
Level 1

This one caught me too. 30 minutes of head scratching.

Thanks for posting!

j.bloodsworth
Community Member

Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.

ASDM v6.4(5)

ASA v8.2(5)

ciscoasa# sh ru ssl

ssl encryption des-sha1

ciscoasa# conf t

ciscoasa(config)# no ssl encryption des-sha1

ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

ciscoasa(config)# exit

ciscoasa# sh ru ssl

ciscoasa#        <---doesn't show anything, so it's assumed at default setting.

tahequivoice
Level 2

Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!

robert.brady
Level 1

works a treat thanks

THANK YOU !!!!!!!!!!!!! 

2 hours I thought I was going crazy, I appreciate the effort and the info

you are a life saver

Patrick Werner
Level 1

Ahhh, that's why my AnyConnect doesn't work, and webvpn too.

Why the hell did Cisco put that crap on an ASA box -> ssl encryption des-sha1

thanks, solution worked

Even while doing SSH, PuTTY was giving an error attached.

Shouldn't Cisco upgrade the security levels in brand new ASA boxes?

lcruz0001
Community Member

To me either...

I can't make this work, please help me.

I have a new ASA5545-x, and I can't connect by SSL

 

daburAGG12
Level 1

I had a similar issue.

 

SSL encryption is an old command, so I made the following changes to get the ASDM to work when I was receiving the following error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

no ssl cipher tlsv1.2 high

ssl cipher tlsv1.2 fips (I actually used custom but changing it to fips first)

TESS JOSE
Level 1

Thanks a lot for this finding. I faced the same issue.
