
New ASA 5525-X - no ASDM

EricKnorr
Level 1

I just received 2 brand new Cisco 5525-X (OS 8.6). I am unable to get any response when I browse to https://192.168.1.1/Admin and http://192.168.1.1/Admin to pull up the ASDM. I can connect via serial and do SHOW RUN and all of the commands via CLI.

I can dhcp an address on the management network - and get a response from pinging the 192.168.1.1.

In the config it does list:

asdm image disk0:asdm-661114.bin

no asdm history enable

http server enable

http 192.168.1.0 255.255.255.0 management

What the heck is going on here? - this should work automatically out of the box

Eric

3 Replies

EricKnorr
Level 1

The web browsers are displaying an ssl_error_no_cypher_overlap error.

Found this article: http://kb.option-hk.com/?p=259

If you have a new Cisco ASA 5500 and try to connect to the web UI or connect to it using SSLVPN, you may find the connection failed with the following error shown in a Firefox browser,

Error code: ssl_error_no_cypher_overlap

Check the output of the command “show run all ssl”

ciscoasa(config)# sh run all ssl

If it shows only the following:

ssl server-version any

ssl client-version any

Run the following command to enable the complete set of encryption algorithms:

ciscoasa(config)# ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

ciscoasa(config)# sh run all ssl

ssl server-version any

ssl client-version any

ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

Try again to connect and it may solve your problem.

-------------------------------------------------------------------------------

Basically...... it is shipped broken.  Shame on you Cisco. 

Yes the 8.6 (and 9.x) software began this odd change. I'm not quite sure why but we've taken to remembering a standard procedure of adding a strong cipher to the ssl list when unboxing a new X series. It smells like some regulatory or export compliance move but that's just speculation on my part.

FYI you only need one - aes256-sha1 is the strongest and what I use.
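The check described in this thread, as an added example that is not part of any poster's reply or of Cisco's tooling: it reads saved "show run all ssl" output, reports a missing "ssl encryption" line (the condition the KB article ties to ssl_error_no_cypher_overlap), and flags which of the enabled ciphers are weak. The function name, the sample outputs (constructed from the lines quoted above) and the weak/legacy classification are assumptions of this example.

```python
# Cipher names exactly as they appear in the thread's "ssl encryption" line.
# The classification is this example's own: single DES and RC4 with MD5 are
# broken, 3DES is legacy because of its 64-bit block size.
WEAK = {"des-sha1", "rc4-md5"}
LEGACY = {"3des-sha1"}

# Constructed samples, assembled from the output quoted in the thread.
AS_SHIPPED = """ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
"""
AFTER_KB_FIX = AS_SHIPPED + (
    "ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1\n"
)
AFTER_REPLY_ADVICE = AS_SHIPPED + "ssl encryption aes256-sha1\n"


def audit_ssl(show_run_all_ssl: str) -> dict:
    """Audit the text of 'show run all ssl' captured from an ASA.

    Only lines that begin with 'ssl encryption' are treated as config, so
    prompt lines and echoed commands in a pasted session are ignored.
    """
    ciphers = None
    for raw in show_run_all_ssl.splitlines():
        line = raw.strip()
        if line.startswith("ssl encryption "):
            ciphers = line.split()[2:]  # last such line wins, as in the config
    findings = []
    if ciphers is None:
        findings.append(
            "no 'ssl encryption' line: browsers may fail with "
            "ssl_error_no_cypher_overlap"
        )
        ciphers = []
    for name in ciphers:
        if name in WEAK:
            findings.append(f"weak cipher enabled: {name}")
        elif name in LEGACY:
            findings.append(f"legacy cipher enabled: {name}")
    return {"ciphers": ciphers, "findings": findings}


if __name__ == "__main__":
    for label, text in [("as shipped", AS_SHIPPED),
                        ("after KB fix", AFTER_KB_FIX),
                        ("aes256-sha1 only", AFTER_REPLY_ADVICE)]:
        print(label, audit_ssl(text))
```

Run over the three samples, it shows that the KB article's full list restores access but leaves des-sha1 and rc4-md5 enabled, while the single-cipher line from the last reply produces no findings.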
