Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
2
Replies

Clientless SSL not working: Cisco ASA 5515x 9.3(3)

Rashid Thompson
Level 1
Level 1

‎05-13-2015 06:18 AM - edited ‎02-21-2020 08:13 PM

Has anyone experienced this issue. I upgraded the ASA software to 9.3(3) (Due to Poodle vulnerabilities) and now I am unable to access the ASA via https (ASDM and clientless SSL). Am I missing something?

 

 

ssl server-version tlsv1
ssl client-version tlsv1
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher sslv3 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher tlsv1.1 medium
ssl cipher tlsv1.2 medium
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl dh-group group2
ssl trust-point ASDM_TrustPoint16 outside
ssl certificate-authentication fca-timeout 2
ssl certificate-authentication interface outside port 330

tunnel-group SoftwareVPN type remote-access
tunnel-group SoftwareVPN general-attributes
 address-pool VPN-Client
 no ipv6-address-pool
 authentication-server-group ADA_AAA
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy SoftwareVPN
 no dhcp-server
 no strip-realm
 no nat-assigned-to-public-ip
 no scep-enrollment enable
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
tunnel-group SoftwareVPN webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username ssl-client
 no pre-fill-username clientless
 no secondary-pre-fill-username ssl-client
 no secondary-pre-fill-username clientless
 group-alias Anyconnect enable
 dns-group DefaultDNS
 no without-csd
tunnel-group SoftwareVPN ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group SoftwareVPN ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy

Labels:
0 Helpful
2 Replies 2

Lary OConnor
Level 1
Level 1

‎05-13-2015 08:50 AM

I had the same issue and found removing this line seemed to fix it as I can now login to the ASDM.

ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"

0 Helpful

Rashid Thompson
Level 1
Level 1
In response to Lary OConnor

‎05-13-2015 10:09 AM

This worked. Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents