Good afternoon. Here is the situation: I decided to upgrade ASDM and IOS on my ASA5505 (Security Plus). I uploaded asdm-715-100 and rebooted, and everything worked. Then I uploaded asa914-k8 (before that it was asa902-k8) and rebooted. Everything came up, but logging in through ASDM produced "Certificate Validation Failure".
From the console I ran "no http authentication-certificate inside", and after that I got in. But I cannot log in via the web, and I have been poking at it for two days. I understand that it is something to do with certificates, but I cannot figure out what. I installed Java 6, allowed everything, and tried adding a new user as recommended, but it did not help.
I added this to Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
"Functions"="TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA", but that does not help either.
Where should I dig?
CSSIasa# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(4)
Device Manager Version 7.1(5)100
Compiled on Thu 05-Dec-13 19:37 by builders
System image file is "disk0:/asa914-k8.bin"
Config file at boot was "startup-config"
CSSIasa up 23 hours 59 mins
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2_05
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is e8b7.4862.4c44, irq 11
1: Ext: Ethernet0/0 : address is e8b7.4862.4c3c, irq 255
2: Ext: Ethernet0/1 : address is e8b7.4862.4c3d, irq 255
3: Ext: Ethernet0/2 : address is e8b7.4862.4c3e, irq 255
4: Ext: Ethernet0/3 : address is e8b7.4862.4c3f, irq 255
5: Ext: Ethernet0/4 : address is e8b7.4862.4c40, irq 255
6: Ext: Ethernet0/5 : address is e8b7.4862.4c41, irq 255
7: Ext: Ethernet0/6 : address is e8b7.4862.4c42, irq 255
8: Ext: Ethernet0/7 : address is e8b7.4862.4c43, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 24 perpetual
Total UC Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Configuration register is 0x1
Configuration last modified by michail at 13:16:22.378 AQTST Thu Mar 13 2014