Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Access to my ASDM ASA5505

Hi I have been using a few days the firewall ASA5505 they've completely put new, the ASA Version 8.4 (2) have been playing and the ASDM version 6.4 (9). I have the Basic Config loaded with the command "conf t" and "Facorty default-config."

Now I want to connect to this firewall, but this is not because he always says he unable to connect to the firewall. The IP settings I have the following: IP address 192.168.1.6 Subnet: 255.255.255.0 Gateway: 192.168.1.1. How can I connect to or what I'm doing wrong?

Executing command: interface Ethernet 0/0

Executing command: switchport access vlan 2

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/1

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/2

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/3

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/4

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/5

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/6

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface Ethernet 0/7

Executing command: switchport access vlan 1

Executing command: no shutdown

Executing command: exit

Executing command: interface vlan2

Executing command: nameif outside

INFO: Security level for "outside" set to 0 by default.

Executing command: no shutdown

Executing command: ip address dhcp setroute

Executing command: exit

Executing command: interface vlan1

Executing command: nameif inside

INFO: Security level for "inside" set to 100 by default.

Executing command: ip address 192.168.1.1 255.255.255.0

Executing command: security-level 100

Executing command: allow-ssc-mgmt

ERROR: SSC card is not available

Executing command: no shutdown

Executing command: exit

Executing command: object network obj_any

Executing command: subnet 0.0.0.0 0.0.0.0

Executing command: nat (inside,outside) dynamic interface

Executing command: exit

Executing command: http server enable

Executing command: http 192.168.1.0 255.255.255.0 inside

Executing command: dhcpd address 192.168.1.5-192.168.1.36 inside

Executing command: dhcpd auto_config outside

Executing command: dhcpd enable inside

Executing command: logging asdm informational

Factory-default configuration is completed

ciscoasa(config)#  wr

Building configuration...

Cryptochecksum: ee2b2e47 c2886bf3 b45f3afb bccbfb1e

7 REPLIES
Hall of Fame Super Silver

Access to my ASDM ASA5505

Please provide output of "show ssl". You may need to add strong cipher support.

Reference.

Community Member

Access to my ASDM ASA5505

I have the same issue with connecting to ASDM via Windows 8.

I have found that I can connect with Windows XP, but my new laptop is 8 Pro and this is the second new ASA I have installed recently that will not allow me to connect to the ASDM. This one is 6.4.5.

Hall of Fame Super Silver

Access to my ASDM ASA5505

Newer browsers do not allow you to connect to SSL servers running weak encyption algorithms (e.g. des).

Last year Cisco started turning off the strong algorithms (aes and 3des) by default on ASAs.

You can check using the command I suggested above.

Community Member

Access to my ASDM ASA5505

When I run that I get the following.

ciscoasa# show ssl

Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1

Start connections using SSLv3 and negotiate to SSLv3 or TLSv1

Enabled cipher order: des-sha1

Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1

No SSL trust-points configured

Certificate authentication is not enabled

What should I change?

Thanks.

Hall of Fame Super Silver

Access to my ASDM ASA5505

Yep - note the section that says the only enabled cipher is des-sha1.

Fix it by:

conf t
     ssl encryption aes128-sha1 aes256-sha1 3des-sha1
     exit
wr mem

Then re-check ASDM.

Community Member

Access to my ASDM ASA5505

Thanks. I found it and I am now downloading the free license to enable it as it baulked when I ran that command.

Hall of Fame Super Silver

Access to my ASDM ASA5505

Ah yes, as you note the (free) 3DES-AES license needs to be active to use strong encryption.

281
Views
0
Helpful
7
Replies
CreatePlease to create content