ASA 5500-X: ASDM and other SSL functions do not work out of the box

May 21, 2012 11:26 PM

Symptoms

When starting to configure a new ASA 5500-X platform running 8.6(1) code, many of us have had issues running ASDM on the management port. The browser does not load ASDM.

Conditions

This is seen on ASA 5500-X boxes that have a factory config.

Problem

This seems to be caused by the presence of the following config:

ssl encryption des-sha1

Most browsers will reject the SSL connection with that cipher choice.

Resolution

First make sure that you have the correct license installed and then correct the config line:

no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
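
The check described above, as an added example that is not part of the original document or Cisco's tooling: it reads a saved running-config or `sh ru ssl` dump, reports a DES-only `ssl encryption` line as the broken factory state, and emits the fix lines from this page. The function name, the status labels and the grouping of RC4 and 3DES as legacy are assumptions of this example, and the sample inputs are constructed.

```python
import re

# Keywords accepted by "ssl encryption" on ASA 8.x. The grouping below is this
# example's own judgement, not a Cisco classification.
REJECTED = {"des-sha1", "null-sha1"}              # single DES / no encryption
LEGACY = {"rc4-sha1", "rc4-md5", "3des-sha1"}     # negotiate, but deprecated
# Replacement line taken from the Resolution section of this page.
PAGE_FIX = "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1"

SSL_LINE = re.compile(r"^\s*ssl encryption\s+(.+?)\s*$", re.MULTILINE)


def audit_ssl_encryption(config_text):
    """Classify the 'ssl encryption' line in a running-config or 'sh ru ssl' dump."""
    found = SSL_LINE.findall(config_text)
    if not found:
        # Assumption (as in the comment thread): no line means default ciphers.
        return {"status": "default", "ciphers": [], "legacy": [], "fix": []}
    ciphers = found[-1].split()  # if pasted text holds several, the last wins
    usable = [c for c in ciphers if c not in REJECTED]
    legacy = [c for c in ciphers if c in LEGACY]
    if not usable:
        # The symptom on this page: nothing a browser will negotiate.
        status = "broken"
        fix = ["no ssl encryption " + " ".join(ciphers), PAGE_FIX]
    elif legacy or len(usable) < len(ciphers):
        status, fix = "legacy", []
    else:
        status, fix = "ok", []
    return {"status": status, "ciphers": ciphers, "legacy": legacy, "fix": fix}


# Constructed sample inputs (not captured from a real device).
FACTORY = "ciscoasa# sh ru ssl\nssl encryption des-sha1\nciscoasa#\n"
AFTER_FIX = "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1\n"
NO_LINE = "ciscoasa# sh ru ssl\nciscoasa#\n"

if __name__ == "__main__":
    samples = (("factory", FACTORY), ("after fix", AFTER_FIX), ("no line", NO_LINE))
    for name, text in samples:
        result = audit_ssl_encryption(text)
        print(f"{name}: {result['status']} {result['ciphers']}")
        for line in result["fix"]:
            print("  " + line)
```
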

Comments

mismiadmin Wed, 08/22/2012 - 17:00

I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.

Thank you!

It worked like a charm

SaJ

urbanrobots Thu, 09/06/2012 - 13:22

Thanks a billion, it's almost embarrassing how long I have been troubleshooting this issue.

cchubb Wed, 10/03/2012 - 09:00

This one caught me too. 30 minutes of head scratching.

Thanks for posting!

j.bloodsworth Mon, 10/08/2012 - 12:49

Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.

ASDM v6.4(5)

ASA v8.2(5)

ciscoasa# sh ru ssl
ssl encryption des-sha1
ciscoasa# conf t
ciscoasa(config)# no ssl encryption des-sha1
ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ciscoasa(config)# exit
ciscoasa# sh ru ssl
ciscoasa#        <---doesn't show anything, so it's assumed at default setting.

tahequivoice Thu, 12/27/2012 - 08:47

Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!

anthony225 Thu, 05/23/2013 - 14:08

THANK YOU !!!!!!!!!!!!! 

2 hours I thought I was going crazy, I appreciate the effort and the info

you are a life saver

patrick.werner Thu, 10/17/2013 - 02:09

Ahhh, that's why my AnyConnect doesn't work, and webvpn too.

Why the hell did Cisco put that crap on an ASA box -> ssl encryption des-sha1
