Showing results for 
Search instead for 
Did you mean: 

Clientless SSL not working: Cisco ASA 5515x 9.3(3)

Rashid Thompson
Level 1
Level 1

Has anyone experienced this issue. I upgraded the ASA software to 9.3(3) (Due to Poodle vulnerabilities) and now I am unable to access the ASA via https (ASDM and clientless SSL). Am I missing something?



ssl server-version tlsv1
ssl client-version tlsv1
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher sslv3 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl cipher tlsv1.1 medium
ssl cipher tlsv1.2 medium
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:3DES-SHA"
ssl dh-group group2
ssl trust-point ASDM_TrustPoint16 outside
ssl certificate-authentication fca-timeout 2
ssl certificate-authentication interface outside port 330

tunnel-group SoftwareVPN type remote-access
tunnel-group SoftwareVPN general-attributes
 address-pool VPN-Client
 no ipv6-address-pool
 authentication-server-group ADA_AAA
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy SoftwareVPN
 no dhcp-server
 no strip-realm
 no nat-assigned-to-public-ip
 no scep-enrollment enable
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
tunnel-group SoftwareVPN webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username ssl-client
 no pre-fill-username clientless
 no secondary-pre-fill-username ssl-client
 no secondary-pre-fill-username clientless
 group-alias Anyconnect enable
 dns-group DefaultDNS
 no without-csd
tunnel-group SoftwareVPN ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group SoftwareVPN ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy