
Packet6

San Francisco Bay Area Wi-Fi Professional Services


Fixing HTTPS Issues on the ASA

June 10, 2013 by Rowell Dionicio

I was working on a Cisco ASA this week and came across an issue where I was unable to access the secure web server. The ASA was configured to have HTTP server enabled and I also allowed the interesting traffic to reach it via HTTPS.


Displaying the version resulted in the following licensing table:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 250            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual

Notice that I am not licensed for VPN-3DES-AES. This is a problem for me now and when I try to configure VPN. I was pretty damn sure that the Security Plus license came with encryption. I shouted out to the Twitter community hoping someone had come across the same issue.

I quickly got a response from @layer_3 who came up with the solution on Cisco’s support forums.

@rowelldionicio @packetologist I think you can request a separate activation key for 3DES running on K8. (?) supportforums.cisco.com/docs/DOC-17464

— Christopher Church (@layer_3) May 30, 2013

You'll need your ASA serial number to request a special VPN-3DES-AES license activation code. Then add the activation code on the ASA:

ciscoasa# config t
ciscoasa(config)# activation-key xxxx xxxx xxxx xxxxx

Once the new key is activated, type show version.

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual

Now we have VPN-3DES-AES enabled. But I found that I still couldn’t access the ASA via HTTPS.

The resolution is to enable the 3DES and AES ciphers for SSL with this command in global configuration mode:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

If you notice that some of my features were disabled, it’s because I incorrectly typed in my activation key. Typing in the 8.2+ activation key made everything work.
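To check both conditions from this post in one pass, the following added example (not the author's code) parses the licensing table from show version and the ssl encryption line from the configuration. The function names, the constructed sample input, and the set of ciphers treated as weak are assumptions of this example.

```python
# Ciphers this example treats as weak (an assumption of the example, not the post):
# RC4 is prohibited in TLS by RFC 7465; DES and 3DES use 64-bit blocks.
WEAK_CIPHERS = {"rc4-sha1", "rc4-md5", "des-sha1", "3des-sha1", "null-sha1"}

def parse_licensed_features(show_version: str) -> dict:
    """Return {feature: value} from the 'Licensed features' table."""
    features, in_table = {}, False
    for line in show_version.splitlines():
        if line.strip().startswith("Licensed features for this platform"):
            in_table = True
            continue
        if not in_table:
            continue
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if not (sep and fields):
            break  # a blank or non-table line ends the table
        features[name.strip()] = fields[0]
    return features

def parse_ssl_ciphers(config: str) -> list:
    """Return the cipher list from the first 'ssl encryption' line, if any."""
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ssl", "encryption"]:
            return words[2:]
    return []

def audit(show_version: str, config: str) -> list:
    findings = []
    ciphers = parse_ssl_ciphers(config)
    if parse_licensed_features(show_version).get("VPN-3DES-AES") != "Enabled":
        findings.append("VPN-3DES-AES license not enabled: strong ciphers unavailable")
    if not ciphers:
        findings.append("no 'ssl encryption' line: platform default cipher list in use")
    weak = [c for c in ciphers if c in WEAK_CIPHERS]
    if weak:
        findings.append("weak ciphers offered: " + ", ".join(weak))
    if ciphers and not any(c.startswith("aes") for c in ciphers):
        findings.append("no AES cipher in the list")
    return findings

# Constructed sample input, abbreviated from the output shown in the post.
BEFORE = """Licensed features for this platform:
Maximum VLANs                     : 100            perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
"""
AFTER = BEFORE.replace("Disabled", "Enabled")
SSL_LINE = "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1"
```

Run against the post's final state, the audit reports rc4-sha1 and 3des-sha1; restricting the line to aes128-sha1 and aes256-sha1 clears that finding.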
