Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
756
Views
0
Helpful
1
Replies

ASDM Management console and SSL

Michael986
Level 1
Level 1

‎09-06-2011 06:02 PM - edited ‎03-07-2019 02:04 AM

Our main ASA5510 is set up to failover to a second 5510, and is using the management port for that purpose. All of the other LAN ports are in use.

Currently we can manage the ASA using ASDM5.2 from and device on the LAN.

We are now going through PCI Compliance, and one of the vunerability scans has picked up the fact that the firewall appears to accept connections on SSL v2. However, if I try to set SSL to use v3 or TLS v1 only (as we don't use webVPN), I get a message that I will no longer be able to use ASDM to manage the firewall as changing to SSL v3 will 'prevent ASDM from establishing a secure connection with the ASA'

So does this mean that the ASA does use / accept SSL v2? The help files say that it will accept 'hellos' in v2 but will then try to negotiate to SSLv3 or TLS v1. It doesn't give more details about what happens next, but I would have assumed that if it can't negotiate to one of the later protocols it will drop the connection - is this correct? If that's the case I may be able to get PCI to accept it.

However, if this is not acceptiable and I have to switch to SSL v3, what options do I now have of administering the ASA through a GUI?

Labels:
0 Helpful
1 Reply 1

Michael986
Level 1
Level 1

‎09-29-2011 12:02 AM

Can anyone give me any advice on this? The cisco documentation doesn't really explain whether ASDM uses SSLv2 or v3 - any help would be appreciated.

Thanks

Michael

0 Helpful
Customers Also Viewed These Support Documents