Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ASA 5500-x: ASDM and other SSL function do not work out of the box

 

Symptoms

When  starting to configure a new ASA 5500-x platform running 8.6(1) code,  many of us have had issues running ASDM on the management port. The  browser does not load ASDM.

 

Conditions

This is seen on ASA 5500-X boxes that have a factory config.

 

Problem

This seems to be caused by the pressense of the following config:

 

ssl encryption des-sha1

Most browsers will reject the SSL connection with that cipher choice.

 

Resolution

First make sure that you have the correct license installed and then correct the config line:

 

no ssl encryption des-sha1
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Version history
Revision #:
2 of 2
Last update:
‎08-24-2017 06:14 AM
Updated by:
 
Labels (1)
Contributors
Everyone's tags (7)
Comments
New Member

I was stuck in my datacenter for over 2 hours trying to get this to work until I found this link.

Thank you!

It worked like a charm

SaJ

New Member

Thanks a billion, its almost embarassing how long i have been troubleshooting this issue.

New Member

This one caught me too. 30 minutes of head scratching.

Thanks for posting!

New Member

Had this issue with a brand-new ASA-5505 right out of the box. This fix did the trick. Thank you.

ASDM v6.4(5)

ASA v8.2(5)

ciscoasa# sh ru ssl

ssl encryption des-sha1

ciscoasa# conf t

ciscoasa(config)# no ssl encryption des-sha1

ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

ciscoasa(config)# exit

ciscoasa# sh ru ssl

ciscoasa#        <---doesn't show anything, so it's assumed at default setting.

New Member

Wow, glad I found this one, I was going nuts thinking I did something wrong in the setup. Works!

New Member

works a treat thanks

New Member

THANK YOU !!!!!!!!!!!!! 

2 hours I thought I was going crazy , I appreciate the effort and the info

you are a life saver

New Member

Ahhh, thats why my Anyconnect doesnt work, and webvpn too.

Why the hell but cisco that crap on a ASA Box -> ssl encryption des-sha1

thanks, solution worked

Even while doing SSH, putty was giving an error attached.

Shouldnt Cisco upgrade the security levels in brand new asa boxes ?

 

 

 

 

New Member

To me either...

I can't do work this, please, help me.

I have a new ASA5545-x, and I can't connect by SSL

 

New Member

I had a similar issue.

 

SSL encrytion is an old command so I made the following changes to get the ASDM to work when i  was reciving the following error:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

no ssl cipher tlsv1.2 high

ssl cipher tlsv1.2 fips ( I actually used custom but changing it to fips first)