07-18-2013 12:43 PM - edited 03-11-2019 07:14 PM
Hi, I just purchased an ASA5505 for my CCNA Security.
I want to use one of the interfaces (the outside interface, VLAN2, port eth0/0) to connect to my home network to be able to manage it and use ASDM from my PC. This eth0/0 is set for DHCP on the ASA and I obtain IP 192.168.30.151 from my Cisco e4200 home router. Now, I cannot https to access it. I can only access it through VLAN1 (the inside VLAN) through a closed network.
How can I connect the VLAN2 port 0 interface to my network? I can ping it, but cannot https into it. Do I need to set up a DMZ or Application/gaming port?
Thank you.
07-18-2013 08:43 PM
I have removed the e4200 and connected a cable between the PC and the ASA.
I can ping .163 but cannot https into it.
07-18-2013 08:46 PM
Did you try adding the "ssl encryption des-sha1 aes256-sha1"?
Does anything happen on the ASA's ASDM log as you try to connect?
07-18-2013 08:49 PM
Kindly post the dir and show asdm image output.
Also, enter the command that Marvin suggested earlier and try again: ssl encryption des-sha1 aes256-sha1
07-18-2013 08:56 PM
Thanks, I will try the command Marvin posted.
I have upgraded the ASA to 9.1, I will post flash disk0:/
07-19-2013 09:26 AM
It works fine from the inside interfaces (eth 1-7), but not from the outside interface (0).
Even after I entered
http 192.168.0.0.255.255.255.0 outside
I tried the command from Marvin, but since it works on the inside interfaces, that can't be it.
Maybe I will just go back to the 8.2.1 version, it might be a bug after I upgraded to 9.1. Thanks!
asa5505# config t
asa5505(config)# ssl encryption des-sha1 aes256-sha1
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
asa5505(config)#
asa5505(config)#
asa5505(config)# sh flash
--#-- --length-- -----date/time------ path
10 4096 Jan 01 2008 00:00:22 log
16 4096 Jan 01 2008 00:00:28 crypto_archive
17 4096 Aug 28 2008 00:23:10 coredumpinfo
18 59 Jan 01 2008 00:01:44 coredumpinfo/coredump.cfg
92 27482112 Aug 28 2008 02:04:08 asa912-k8.bin
93 18097844 Aug 28 2008 02:04:50 asdm-713.bin
94 2418 Jan 01 2008 00:01:24 8_2_1_0_startup_cfg.sav
95 1189 Jan 01 2008 00:01:44 upgrade_startup_errors_200801010001.log
127111168 bytes total (81002496 bytes free)
asa5505(config)
07-19-2013 05:06 PM
Spent all afternoon on this, but I fixed it.
The fact that I was not able to https into it was because of the activation keys - I had none!
Even though I got this ASA on eBay, it came with no ASA 3DES License Key. I went on the Cisco site and got one for free.
I even ended up with a full Security Plus license!!! Fully loaded.
It was working on IE 8 on an old laptop, but IE 10 on my PC is more secure and did not allow the page to load, and it did not show the 3DES message. I saw it when I used Firefox!
Firefox reported the 3DES missing, so this is how I found the problem. I Googled it and found it.
So, JouniForss was right, all I needed to do is http 192.168.0.0 255.255.255.0 outside to enable VLAN2 on my home network.
Thanks to all.
07-19-2013 07:35 PM
You're welcome.
The root cause was highlighted when you went to ensure the strong encryption was active for ssl - "The 3DES/AES algorithms require a Encryption-3DES-AES activation key."
Now on to your studies.
Please remember to rate helpful posts and mark your question as answered.
07-20-2013 08:30 AM
Thanks again Marvin, you were right. I did not make the connection with your solution before I saw the message in the Firefox browser. I Googled the error and ended up on a post where another security noob had the same problem.
I have a CCNA R&S and CCNA Voice, all on my own, and I am now going for a CCNA Security. Just for fun, as Cisco certs are awesome!!