ASDM Config Help

I am trying to view my PIX515e via the ASDM, but I am unable to... Can you review my config and make sure I have everything set up the way it is supposed to be?

PIX Version 8.0(4)32

hostname pixfirewall

enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
no names

interface Ethernet0
 nameif outside
 security-level 0
 ip address

interface Ethernet1
 nameif inside
 security-level 100
 ip address

interface Ethernet2
 nameif exchange
 security-level 100
 ip address

ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS

access-list ouside-acl extended permit tcp any host eq smtp
access-list ouside-acl extended permit tcp any host eq www
access-list ouside-acl extended permit tcp any host https
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) tcp interface smtp smtp netmask
static (inside,outside) tcp interface https https netmask
static (inside,outside) tcp interface www www netmask
access-group ouside-acl in interface outside

router eigrp 1

route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http inside
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect http
  inspect ils

service-policy global_policy global
prompt hostname context

: end

ASDM Config Help

Hello Jonathan,

Looks good to me. Can you do a sh version and confirm you have this file there: asdm-602.bin?

Also, provide us the show run ssl.



Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
ASDM Config Help

pixfirewall# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled

pixfirewall# show flash
Directory of flash:/
5      -rw-  7649280     16:05:24 Feb 06 2012  pix804.bin
6      -rw-  6889764     14:12:28 May 19 2012  asdm-602.bin

When I try to go to the PIX via web browser, I get:

Secure Connection Failed

An error occurred during a connection to

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Re: ASDM Config Help


Yes, I know what the problem is.

The cipher used by the web browser is not the same as the one the ASA uses.

You will need to get the des/aes license and then change the SSL cipher.

Unfortunately I do not have the link with me, but as soon as I have it (tomorrow morning at the latest) I will give it to you.

100% sure this will solve your problem.

EDIT: Here is the link to get the license you need (it will be free)

After installing the license please add the following command:

ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Finally test it one more time! That should do it

DO rate all the helpful posts


Julio Carvajal
Senior Network Security and Core Specialist
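
An added example, not part of the original thread and not Cisco tooling: a small Python check that parses `show ssl` output like the one posted above and reports why the browser ends in ssl_error_no_cypher_overlap. The `LICENSED` and `WEAK` groupings and the function names are this example's assumptions; the cipher names are the ones shown in the thread.

```python
import re

# Cipher names as they appear in the `show ssl` output quoted in this thread.
LICENSED = {"aes256-sha1", "aes128-sha1", "3des-sha1"}   # set enabled by the answer's command
WEAK = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}  # single DES, RC4, no encryption

def parse_show_ssl(text):
    """Return accepted protocol versions and enabled/disabled cipher lists."""
    result = {"accept": [], "enabled": [], "disabled": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Accept connections using"):
            # Only the part before "and negotiate" lists what the server accepts.
            accepted = line.split(" and negotiate")[0]
            result["accept"] = re.findall(r"SSLv\d|TLSv[\d.]+", accepted)
        elif line.startswith("Enabled cipher order:"):
            result["enabled"] = line.split(":", 1)[1].split()
        elif line.startswith("Disabled ciphers:"):
            result["disabled"] = line.split(":", 1)[1].split()
    return result

def audit(parsed):
    """List findings that explain a failed browser handshake or weak transport."""
    findings = []
    enabled = parsed["enabled"]
    if not LICENSED.intersection(enabled):
        findings.append("no 3DES/AES cipher enabled: browser and firewall share no cipher")
    for cipher in enabled:
        if cipher in WEAK:
            findings.append(f"weak cipher enabled: {cipher}")
    for proto in parsed["accept"]:
        if proto.startswith("SSLv"):
            findings.append(f"legacy protocol accepted: {proto}")
    return findings

# Output copied from the `show ssl` post in this thread.
SAMPLE = """\
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
"""

if __name__ == "__main__":
    for finding in audit(parse_show_ssl(SAMPLE)):
        print(finding)
```

Running it against the posted output reports the missing 3DES/AES cipher first; once the `ssl encryption` line from the answer is applied, only the legacy protocol findings remain.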