Cannot Connect to Brand New ASA

I opened the box on a brand new ASA 5515X a few days ago. Needless to say, I was excited to get this thing into production. However, to my disappointment, I fired the firewall up and attempted to connect to the default management interface via HTTPS, only to receive an error. Internet Explorer is always vague in its errors and basically told me nothing. Fortunately, Firefox gave me something to go on. It reported an SSL error.

cannot communicate securely with peer: no common encryption algorithm(s).

Again, it was fairly general and not descriptive.

I did some digging online and found an option to change and add SSL encryption options to the ASA’s config. I knew I was on to something. After jumping on the console and dropping in this line of configuration, the problem was solved!

ciscoasa(config)#ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1

And of course a quick show verifies it’s been added:

ciscoasa#show run | inc ssl
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
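
The line above enables single DES and RC4 with MD5 alongside the AES suites. The following is an added example, not part of the original post and not Cisco tooling: it parses the `show run | inc ssl` output and rates each cipher. The ratings table, the function names and the idea of emitting an AES-only replacement line are this example's own assumptions.

```python
import re

# Output copied from the post above.
SAMPLE = """ciscoasa#show run | inc ssl
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
"""

# Ratings are this example's own assessment of the names used on this page.
RATINGS = {
    "des-sha1": ("weak", "single DES, 56-bit key"),
    "rc4-md5": ("weak", "RC4 stream cipher with an MD5 MAC"),
    "3des-sha1": ("legacy", "64-bit block cipher, only for old clients"),
    "aes128-sha1": ("ok", "AES-128 with SHA-1 HMAC"),
    "aes256-sha1": ("ok", "AES-256 with SHA-1 HMAC"),
}

SSL_LINE = re.compile(r"^\s*ssl encryption\s+(.+?)\s*$", re.MULTILINE)


def parse_ciphers(config_text):
    """Return the ciphers on the 'ssl encryption' line in order, or []."""
    match = SSL_LINE.search(config_text)
    return match.group(1).split() if match else []


def audit(config_text):
    """Map each configured cipher to (rating, reason); unknown names are flagged."""
    unknown = ("unknown", "not in this example's table")
    return {c: RATINGS.get(c, unknown) for c in parse_ciphers(config_text)}


def hardened_line(config_text):
    """Build a replacement line keeping only 'ok' ciphers, or None if none remain."""
    keep = [c for c, (rating, _) in audit(config_text).items() if rating == "ok"]
    # Assumption: earlier entries are preferred, so list AES-256 first.
    keep.sort(key=lambda c: c != "aes256-sha1")
    return "ssl encryption " + " ".join(keep) if keep else None


if __name__ == "__main__":
    for cipher, (rating, reason) in audit(SAMPLE).items():
        print(f"{cipher:12} {rating:8} {reason}")
    print("suggested:", hardened_line(SAMPLE))
```

Confirm that the browsers and ASDM clients in use can negotiate AES before applying the shorter line, since a list with no cipher in common reproduces the Firefox error quoted above.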

The fix was easy, but it wasn’t readily apparent. The documentation didn’t mention this and I had a difficult time finding anything online about it.
I hope someone else experiencing the same issue finds this and saves themselves some time!

Be sure to check out Cisco’s site for other issues with the ASDM:
http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml
