When starting to configure a new ASA 5500-x platform running 8.6(1) code, many of us have had issues running ASDM on the management port. The browser does not load ASDM.
This is seen on ASA 5500-X boxes that have a factory config.
This seems to be caused by the pressense of the following config:
ssl encryption des-sha1
Most browsers will reject the SSL connection with that cipher choice.
First make sure that you have the correct license installed and then correct the config line:
no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.
It worked like a charm
Thanks a billion, its almost embarassing how long i have been troubleshooting this issue.
This one caught me too. 30 minutes of head scratching.
Thanks for posting!
Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.
ciscoasa# sh ru ssl
ciscoasa# conf t
ciscoasa(config)# no ssl encryption des-sha1
ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ciscoasa# <---doesn't show anything, so it's assumed at default setting.
Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!
works a treat thanks
THANK YOU !!!!!!!!!!!!!
2 hours I thought I was going crazy , I appreciate the effort and the info
you are a life saver
Ahhh, thats why my Anyconnect doesnt work, and webvpn too.
Why the hell but cisco that crap on a ASA Box -> ssl encryption des-sha1
thanks, solution worked
Even while doing SSH, putty was giving an error attached.
Shouldnt Cisco upgrade the security levels in brand new asa boxes ?
To me either...I can't do work this, please, help me.I have a new ASA5545-x, and I can't connect by SSL
I had a similar issue.
SSL encrytion is an old command so I made the following changes to get the ASDM to work when i was reciving the following error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
no ssl cipher tlsv1.2 high
ssl cipher tlsv1.2 fips ( I actually used custom but changing it to fips first)