Just a note that out of the box, recent Cisco ASA hardware with new ASA software releases ships with broken SSL. This prevents the ASDM GUI (Advanced Security Device Manager) from functioning. To correct the problem, you must force the ASA to use the default SSL encryption methods. The problem is created when you have the following line in your ASA running configuration:
    ssl encryption des-sha1

This command disables the other, more secure SSL ciphers that are now required for ASDM communication, allowing only the weak DES cipher (now considered insecure, which breaks ASDM). Use commands like the following to fix the problem.
    show ssl
    show run ssl
    no ssl encryption des-sha1
    show ssl
    show run ssl
As of ASA software version 9.1.x, the default SSL cipher list should be as follows (as output from "show ssl"). By default, I mean the cipher list corresponding to *no* "ssl encryption" commands visible in your ASA 9.1.x running config. If your list looks like this, ASDM will be allowed to communicate with your ASA. Standard ASDM configuration must still be applied; see the official Cisco documentation for details.
    Enabled cipher order: rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
    Disabled ciphers: des-sha1 rc4-md5 null-sha1
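To check saved ASA output for this condition across several devices, here is an added example (not part of the original post) that scans "show run ssl" and "show ssl" text for a cipher list restricted to the ciphers the 9.1.x default leaves disabled. The function names and the broken-state sample are constructed for illustration.

```python
import re

# Ciphers the post's 9.1.x default "show ssl" output lists as disabled.
# Treating exactly this set as weak is an assumption of this example.
WEAK = {"des-sha1", "rc4-md5", "null-sha1"}

# Default output as given in the post.
DEFAULT_SHOW_SSL = """\
Enabled cipher order: rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
Disabled ciphers: des-sha1 rc4-md5 null-sha1
"""

# Constructed sample of the broken state (not captured from a device).
BROKEN_SHOW_SSL = """\
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-sha1 aes128-sha1 aes256-sha1 rc4-md5 null-sha1
"""

def audit_running_config(config_text):
    """Return (line_number, ciphers, verdict) for each 'ssl encryption' line."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = re.match(r"\s*ssl encryption\s+(\S.*)$", line)
        if not match:
            continue
        ciphers = match.group(1).split()
        weak = [c for c in ciphers if c in WEAK]
        if len(weak) == len(ciphers):
            verdict = "only-weak"       # the state that breaks ASDM
        elif weak:
            verdict = "includes-weak"
        else:
            verdict = "ok"
        findings.append((number, ciphers, verdict))
    return findings

def parse_show_ssl(output):
    """Extract the enabled and disabled cipher lists from 'show ssl' text."""
    lists = {"enabled": [], "disabled": []}
    for line in output.splitlines():
        match = re.match(r"\s*(Enabled cipher order|Disabled ciphers):\s*(.*)$", line)
        if match:
            key = "enabled" if match.group(1).startswith("Enabled") else "disabled"
            lists[key] = match.group(2).split()
    return lists

def only_weak_enabled(show_ssl_output):
    """True when ciphers are enabled and every one of them is in WEAK."""
    enabled = parse_show_ssl(show_ssl_output)["enabled"]
    return bool(enabled) and all(c in WEAK for c in enabled)
```

An empty result from audit_running_config means no "ssl encryption" line is present, which is the default state the post describes.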
Good luck with your Cisco ASDM solutions!