Solved: Re: Installing ASA5505 on my home network - Page 2

John Bachman · ‎07-18-2013

Hi, Just purchased a ASA5505 for my CCNA Security

I want to use one of the interface (the outside interface VLAN2 port eth0/0) to connect to my home network to be able to mange it and use ADSM form my PC. This eth0/0 is set for DHCP on the ASA and I optain IP 192.168.30.151 from my Cisco e4200 home router. Now, I can not https to acess it. I can only access it thru VLAN1 (the inside VLAN) thru a closed network.

How can I connect the VLAN2 port 0 interface to my network ? I can ping it, but can not https into it. Do I need to setup DMZ or Application/gamig port ?

Thank you.

John Bachman · ‎07-18-2013

I have removed the e4200 and connected a cable between the the pc and the asa.
I can ping .163 but can not https into it.

Sent from Cisco Technical Support iPad App

Marvin Rhoads · ‎07-18-2013

Did you try adding the "ssl encryption des-sha1 aes256-sha1"?

Does anything happen on the ASA's ASDM log as you try to connect?

johnlloyd_13 · ‎07-18-2013

kindly post dir and show asdm image output.

also, put the command that marvin suggested earlier and try again ssl encryption des-sha1 aes256-sha1

John Bachman · ‎07-18-2013

Thanks, I will try the command Marvin posted.
I have upgraded the Asa to 9.1, I will post flash disk0:/

Sent from Cisco Technical Support iPad App

John Bachman · ‎07-19-2013

it works fine from the inside interfaces, (eth 1-7) but not from the outside interface (0)

Even after I entered

http 192.168.0.0.255.255.255.0 outside

I tried the command from Marvin, but since it worlk on the inside interfces, that cant be it.

Maybe I will just go back to the 8.2.1 version, might a be a but after i ungraded to 9.1 Thanks !

asa5505# config t
asa5505(config)# ssl encryption des-sha1 aes256-sha1
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
asa5505(config)#
asa5505(config)#
asa5505(config)# sh flash
--#-- --length-- -----date/time------ path
   10 4096        Jan 01 2008 00:00:22 log
   16 4096        Jan 01 2008 00:00:28 crypto_archive
   17 4096        Aug 28 2008 00:23:10 coredumpinfo
   18 59          Jan 01 2008 00:01:44 coredumpinfo/coredump.cfg
   92 27482112    Aug 28 2008 02:04:08 asa912-k8.bin
   93 18097844    Aug 28 2008 02:04:50 asdm-713.bin
   94 2418        Jan 01 2008 00:01:24 8_2_1_0_startup_cfg.sav
   95 1189        Jan 01 2008 00:01:44 upgrade_startup_errors_200801010001.log

127111168 bytes total (81002496 bytes free)
asa5505(config)

John Bachman · ‎07-19-2013

Spent all afternoon on this, but I fixed it.

The fact that I was not able to https into it, was because of the activation keys, - I had none !

Even I got this ASA on ebay, it came with no ASA 3DES License Key. I went on the Cisco site and got one for free.

I even ended up with a full Security Plus license !!! fully loaded.

It was working on EI 8 on a old laptop, but EI 10 on my PC is more secure and did not allow the page to load, and it did not show the 3DES message. I saw it when I used firefox !

Firefox reported the 3DES missing, so this is how I found the problem. google it and found it.

So, JouniForss was right, all I needed to do is http 192.168.0.0 255.255.255.0 outside to enable VLAN2 on my home network.

Thanks to all.

Marvin Rhoads · ‎07-19-2013

You're welcome.

The root cause was highlighted when you went to ensure the strong encryption was active for ssl - "The 3DES/AES algorithms require a Encryption-3DES-AES activation key."

Now on to your studies.

Please remember to rate helpful posts and mark your question as answered.

John Bachman · ‎07-20-2013

Thanks again Marvin, you were right, I did not make the connection with your solution before I saw the message on firefox browser. I googled the error and ended up on a post where another security noob had the same problem.

I have a CCNA R &S and CCNA Voice, all on my own, I am now going for a CCNA Security. Just for fun, as Cisco certs are awesome!!